First iPhone trojan

bbloke

It seems the first iPhone trojan has been discovered...

http://www.modmyifone.com/cmps_index.php

and

http://www.macworld.co.uk/ipod-itunes/news/index.cfm?newsid=20093

MacWorld UK said:
The first Trojan for the iPhone has been discovered. The first reports came from iPhone enthusiast site Modmyifone.com and were later confirmed by security research company F-Secure.


The virus does not currently pose a huge risk; the Trojan specifically targets users that have modified their iPhone so they can install third-party applications. The application masks itself as an update to Erica's Utilities and is labeled as "113 prep."



According to Modmyifone.com all the app does is say "shoes." However, when uninstalled, the application removes files from the /bin directory on the iPhone, breaking valid apps like Sendfile and Erica's Utilities.



The site hosting the application was taken offline soon after it was discovered, reports F-Secure.

"Hopefully this serves as a warning for those who have opened their iPhones using a security hole in the system and then installing unverified software without a second thought to what they are doing," said F-Secure on its site.



F-Secure reported that it was an 11-year-old kid playing with XML files who created the Trojan. "Next time it might be someone else with more skills and with specific target," they said.
 
So, this only affects "hacked" iPhones? Seems like Apple has a pretty secure phone if this is all that's hit them.
 
Yeah, apparently if you make your iPhone do things it wasn't intended to do, it might end up doing things it wasn't intended to do.

I'm just annoyed that Macworld didn't make their headline clearer; plenty of small-fry news services are going to pick up on this "iPhone has a virus!" story over the next few months, just because they couldn't understand the details.
 
Yah, that would be annoying, I can just see the headlines of news all over the place. So this thread should be named "First Trojan for Hacked iPhones".
 
Yes, so far as I understand it, the trojan only affects hacked iPhones. I think the original hacks used a security flaw in order to get into the iPhone and install third party applications. These hacked iPhones can then have their security compromised "willingly" by users through trojans, as the iPhone is not meant to have the user install apps at this point. How far these trojans can go in wreaking havoc remains to be seen, but this example seems tame at the moment.

Along similar lines, I think the iPhone had this security flaw (used by the hacks) patched with a newer version of the firmware, so I suppose that means that iPhones running the old firmware could, in theory at least, be vulnerable to exploits too, although not to this trojan.

I agree that MacWorld's headline was wrong and they should re-word it. They referred to a "virus," and not a trojan, for instance. Although the trojan only affects hacked iPhones, I think there are enough people out there who hack their iPhones (and iPod Touches) that this should be taken seriously. You are right, symphonix, that of course if you start hacking a device, the original manufacturer cannot be held responsible for what nasties you open it up to!

So this thread should be named "First Trojan for Hacked iPhones".
*Sigh*

Well, I think the thread title is OK as it is, although I do understand what you mean.
 
I heard that the iPhone pretty much always runs in a root mode, hence the reason Apple didn't want people writing their own 3rd party apps willy nilly in order to prevent something like this from happening. There are probably certain stipulations that devs have to follow in order to create the 3rd party apps without them getting compromised, but I guess time will tell.
 
Well, as the posts and articles state, it's a trojan rather than a virus. If you try to uninstall it, however, you will remove some other applications too...

http://www.theregister.co.uk/2008/01/07/iphone_trojan/

The Register said:
Hackers have created Trojan horse malware targeted at Apple's much-hyped iPhone device.

The package - more of a prank than a threat - poses as an "important system" upgrade supposedly needed prior to upgrading to version 1.1.3 of Apple's firmware. The "iPhone firmware 1.1.3 prep" seems to lack malicious purpose. Problems kick in when users try to uninstall the package.

The bogus firmware reportedly affects components of other applications during the install process including Erica's Utilities (a collection of command-line utilities for the iPhone) and OpenSSH. If the user chooses to uninstall the rogue package, these other applications will also be removed leaving users of the much-hyped device with the chore of reinstalling these applications.

"This is technically the first Trojan horse seen for the iPhone, however it does appear to be more of a prank than an actual threat," Symantec researcher Orla Cox said. "The impact of uninstalling the 'Trojan' would appear to be an unintended side effect".

Web sites hosting the malicious package were taken offline soon after the discovery of the low-risk nuisance over the weekend. Although little damage was done users ought to take the incident as a warning to be careful about what packages they install on their phones.
 