A Swiss iPhone developer has unveiled a new application
SpyPhone that is capable of harvesting huge amounts of personal data from iPhones, including data like
- geolocation data
- passwords
- address book entries
- email accounts information
- images
- Safari Browsing history
- youtube related data
- keyboard logger, etc
via wmexperts.com
In oder for SpyPhone, to work, it does not need any exploits or any jailbreaking/firmware modification, attacks in order to access the iPhone’s data. Instead, SpyPhone relies on using the iPhone’s usability and depth of features to its advantage, the app uses the public API exposed by Apple’s SDK. Once an application is on an iPhone, it has unrestricted access to the large amount of the data and settings available on the device. SpyPhone is more like a Trojan sitting in your OS silently and stealing data. All of the SpyPhone’s operations are executed in the background, without the knowledge of the iPhone’s owner, and just like any other Trojan, the application can be set to email reports on each infected phone back to the attacker.
Seriot, the application developer, has posted the source code for SpyPhone online. Which increases the risk of the app being used by malicious hackers in their dodgy apps that might end up in the app store.
Any app in the App Store may have this, making it very hard for Apple to eradicate the issue.
iPhone worm
The
first few worm that hit jailbroken iPhones was mostly harmless. The new iPhone infection operates on exactly the same principles as the first, as it targets jailbroken handsets with
SSH installed, but this time adds the ability for the hacker to remotely control and access the phone and by displaying a fake ING Direct login page, the hacker can collect your online banking credentials. The Vulnerability was first detected in Netherlands and might soon spread across to other countries. It is also said that the worm could jump from phone to phone among owners using the same wi-fi hotspot. With the iPhone becoming more common, we should be seeing more of such security vulnerability targeted towards the iPhone.
via bbc.co.uk
Security Vulnerability iPhone
A few days ago we saw how a hacker in Netherlands took advantage of the Security Vulnerability on Jailbroken iPhone. If you have made the mistake of not changing the default root password you are vulnerable to this security flaw.
The worm apparently changes the lockscreen of infected phones to a picture of 80s singer Rick Astley. The worm was written by someone who goes by the name of ikee. A blogger posted the transcript of an IRC chat with ikee, in which he explained why he created the worm. The source code of the virus was made available for a while and was later taken down.
The lesson here , CHANGE THE DEFAULT PASSWORD if you have jailbroken your device. To Change the default Root Password on the iPhone :
- Get an SSH program like putty for windows.
- SSH to your iPhone.
- Again in putty or any ssh client type: “passwd”. You’ll then be asked for a new password, you can change this into anything you want.
jailbroken iphone hacked
Many of us have jailbroken our iPhones, and if you have made the mistake of not changeing the default root password are vulnerable to the simple intrusion method that can be used to hold iPhones hostage, just like this guy from the Netherlands.
This guy didn’t inflict any serious harm and only demanded a small optional payment, and limited his activity to the Netherlands. Whoever learns from his approach might not be as nice. so if you have a jailbroken device please Change your root passwords or disable SSH.
How to Fix this
