F-Secure reports a trojan has been created for jailbroken (unlocked) iPhones. A trojan is simply an application that tricks users into installing it by promising something other than what it actually does when executed.
“The trojan installation package contains false application installation information that causes legitimate third party applications to be removed if the trojan is uninstalled from the iPhone,” F-Secure reports. “Web sites hosting the malicious package were taken offline soon after the discovery of the low-risk threat.”
F-Secure opines, “Hopefully this serves as a warning for those who have opened their iPhones using a security hole in the system and then installing unverified software without a second thought to what they are doing.”
F-Secure warns, “This time it was an 11-year-old kid playing with XML files who created the trojan. Next time it might be someone else with more skills and with specific target.”
Full article here.
[Thanks to MacDailyNews Reader “Too Hot!” for the heads up.]
MacDailyNews Take: This does not affect locked iPhones running Web apps as intended by Apple. As we always advise Mac users: Do not install anything from an unknown and/or untrusted source. iPhone is not currently set-up by Apple to have unauthorized applications installed and run, so be extra careful if you have jailbroken your iPhone or wait for Apple’s official SDK (February) and the attendant iPhone firmware update before installing third-party iPhone applications.
Haha! The fact that jailbroken phones use an exploit to begin with means this should come as no surprise. People are dumb.
I’m waiting for comments from those rabid unlocking types.
Eleven year old kid developed the Trojan Horse? My, my, don’t Ma and Pa have a precocious child. I wonder if Apple will offer this lil’ evil genius a job with a milk and cookie salary.
Should we care? I don’t unless this could potentially affect legitimate iPhones.
A [one][1] trojan. Well that seals it then, we should stop using all Apple products today and go back to uh… um… ummmm… What was it again that we were using before, that was more secure than OS X – uh – Oh wait, I remember – NOTHING!
A Trojan should be no big surprise. They exist for every system that allows users to install their own applications. Of course the Jailbroken iPhone is the only iPhone that allows the user to install their own apps.
No news here – move along …..
I wonder if his/her father rubber stamped this….
Those wacky hackers are just ribbing them.
Hats off to Erica Sadun for helping in creating the first iPhone trojan.
Of course, because there’s malware for jailbroken iPhones but none for legit iPhones, must mean that the vast majority of iPhones are jailbroken. The legit ones are only secure because there are so few of them…
You sanctimonious blowhards can bite me. I have a jailbroken iPhone because I love Apple products and I live in a country where Apple doesn’t yet sell them. So please get off your high horses. You are starting to sound like the Ted Haggard’s of the world.
This is just the price you pay for any system that allows to modify it. There are trojans for Mac OS X, so it’s no surprise there’s now one for an unlocked iPhone. It doesn’t matter how secure a system is if the user bypasses all of the security measures.
I have to laugh about Ampar’s comment, though: “legitimate” iPhones? So if some one modifies a product that they own, it’s no longer “legitimate”? No longer covered by the factory warranty probably, but I fail to see how modify your own property somehow makes it’s “illegitimate”….
And Silverhawk’s comment about “rabid unlocking types” is kind of funny as well. If some one wants to modify a product that they own, why does that make them “rabid”? Maybe if they scream that everyone should modify stuff, but if they just want additional functionality for their own use? Doesn’t sound very rabid to me…
I don’t own an iPhone for two simple reasons- it does not have certain features that I have on my current phone, and it is not available through a carrier that I’m willing to use. None of the major carriers have strong signal strength where I live, and they all do where I work. While I’m not exactly a fan of Sprint, they at least offer a service plan that meets my needs (which are not very high- we use less than 550 minutes per month on 3 lines). Why pay for more minutes that I simply don’t use? Those 3 lines run me under $90 per month, and no other carrier has been able to match that. I check every few months, and have never found another carrier to even come close to that monthly price. I’ll happily switch if other carriers would save me some money or offer some other additional value for the same cost. They way I see it, all of the carriers in the US are basically crooks, so I might as well use the one that “steals” the least from me…
With all that in mind, once something like Docs To Go is available on the iPhone, there’s decent To-Do list functionality, and I can get a plan that fits, I look forward to getting an iPhone. I’ll hold off until then, though, as I’d just lose too much functionality otherwise.
“I have to laugh about Ampar’s comment”
Thanks. I’ll be here all week. Try the waitress and tip your veal.
If you jailbreak an iPhone, then you should accept the risks? Better?
– Longtime Sanctimonious Blowhard and Proud of It
Didn’t I see something last fall that estimated as many as 1/4 of all iPhones sold were being hacked to work on non-US AT&T;networks? Still, what were they iPhone users downloading from this kid?
“Still, what were they iPhone users downloading from this kid?”
More details here:
http://www.modmyifone.com/forums/showthread.php?t=24323
So what this is telling us is that someone who navigated to a website and purposefully and willfully allows an unknown party to execute remote code on their iPhone (this is the jailbrake process). Has to be told that someone can execute a trojan on their iPhone…I wonder why this took F-Secure so long to figure out?
This one is slightly worse than writing your passwords on the back of your phone in magic marker.
Call me when the trojan can be delivered by simple website navigation or through Edge or Wifi.
zac
So an idiot…uhhh, user jailbreaks their phone and goes to a website put up by some unknown person. They proceed to download and install software from this site without knowing anything about the software or where it comes from and they infect themselves with a trojan. This is considered a security threat to the iPhone?
No, this is what some really honest IT people have been saying for years-the biggest security threat to any system is the morons…uhhh, users of the system.
so let me get this straight…..
I can run programs on the iphone?
and this is supposed to scare me…. f-secure is C.R.A.P.
Honestly, I have my iPhone hacked. It’s not all that great. The only thing I seem to use is the iTunes Library swapper so I can put media from two different Macs on the iPhone. Other than that, maybe Stumbler, and Solitare. Most of the other apps are crappy or not really useful.
Guess I can be considered one of those sanctimonious blowhards too. I don’t see much purpose in hacking/jailbreaking my iPhone. But then AT&T;gets great reception where I’m at and I’ve had no complaints with them thus far… as a matter of fact their customer service has been very pleasant in dealing with porting my number over after my contract with verizon expired—I got the iPhone about a week and a 1/2 b4 my contract expired and then ported my number upon expiration, so I needed customer service to do that. As for the ability to run 3rd party apps on mine, I’ll wait for the SDK and the onslaught of apps to follow… just seems to be the most stable way of doing it to me. I mean, what’s the point of having a phone you’re constantly having to worry about being bricked or compromised in some way? I guess if you’re doing it b/c of the network it’s one thing, but to do it just so you can run 3rd party apps a few months b4 others… I just don’t see the point.
But if you decide to jailbreak your iPhone, you really shouldn’t complain about compromises and whatnot if/when they occur. That’s the risk you willingly took when you hacked it.
Just my 2¢
This is what Steve Jobs was talking about, what he feared might happen, yet people still probably wont listen to his reasoning.
Did someone need a biting here? Ampar… help a brother out. Who needs to sit at my feet and learn the wisdom, no, dare I say, GENIUS, of my 30 plus years of all things Apple?
Maybe I can help ‘ole Zuney to finally see the light.
Sorry, I forgot to log in. Now… who needs to pearls of my wisdom. Are there Obama supporters here that are filling a little misty? Is there a neocon or two that long for the good ‘ole days of the gipper? I can prognosticate on any subject and deliver wisdom and guidance.
The Mel…. if ya jailbreak your iPhone, and then are dumb enough to download and install a third party app from an unknown website… yer an idiot. Plain and simple. Now, I don’t consider you personally an idiot, I’m speaking… uh… estemproa… uxtemporanieous…. er… extemporaneously. That means I’m talking to you while having an LSD trip.
“extemporaneously”
I thought that was bad timing for a shower.
11 years old, ehh..
Must be some of Ballmer’s offspring. This is what happens when you don’t let you kids have iPod’s!!!