Attack tool can hijack data off unlocked iPhones
Hackers can steal data off jailbroken iPhones by leveraging the same vulnerability that currently is being used to spread a mischievous worm.
The new exploit, spotted by researchers at Intego, a Mac security firm, allows attackers to siphon data off victim devices, including music, text messages, email, contacts and other personal information.
Peter James, an Intego spokesman, told SCMagazineUS.com on Wednesday that public attack code is circulating across various internet forums, but researchers are unsure if there have been any in-the-wild exploits.
An Apple spokesperson did not respond to a request for comment.
The same vulnerability that an Australian hacker recently leveraged to launch a worm prank -- which changes the victim iPhone's wallpaper to a photo of 1980s pop star Rick Astley -- is the same one that can be used to steal data, James said.
The attack occurs on an SSH-enabled jailbroken iPhone, meaning the device is unlocked so users can install software not available via iTunes, he said. If users fail to change their default password for SSH, which enables iPhones to remotely talk to each other over the internet, an attacker can gain root access to the device.
"Anyone can connect to the iPhone using this password," James said.
Attackers perpetrate the theft by installing a tool on their computer, and then waiting, such as at an internet cafe, for jailbroken iPhones to be present, he said.
"It will suck down the data and save it," James said.
He said he expects attacks targeting unlocked iPhones to rise in number and severity. James said users should avoid jailbreaking their phones, but if they do, they must remember to change the default SSH password, if the utility is running. Apple, he added, has no obligation to fix the issue.
"You're opening up holes that don't exist in the normal Apple version of the phone," James said.
Businesses, meanwhile, should understand that some company-issued iPhones might be at risk, Andrew Jaquith, a senior analyst at Forrester Research, wrote Tuesday in an blog post.
"Ironically, business users who travel internationally are more likely at risk," he said. "Incentives to jailbreak exist because Apple and AT&T will not unlock iPhones to allow the use of prepaid or other third party SIMs (subscriber identity module cards) while traveling. Even original iPhone users who have fulfilled their two-year contract cannot unlock their phones."
But Jaquith said the latest attacks do not necessarily forebode an influx of Mac mobile malware. Still, users should be careful.
"The only conclusions I would draw are these: If you choose to jailbreak, know what you are getting into," he said. "Read as much as you can about what the process does to your phone, and what precautions you should take if you install software that increases your attack surface."
James estimates that six to eight percent of iPhones are jailbroken.