New Virus Attacks iPhones

Security experts said, hackers have created a virus that attacks Apple Inc's iPhone and secretly takes control of the devices via their Internet connections.

Photo: New Virus Attacks iPhones

The virus has been detected in the Netherlands and can only attack iPhones whose users have disabled some pre-installed security features, according to analysts monitoring the progress of the virus, known as the Duh Worm.

The hackers are trying to use the virus to obtain passwords to banking sites in the Netherlands, according to Graham Cluley, a researcher with anti-virus software maker Sophos. When an iPhone user tries to access a bank website, the Duh Worm directs the browser to a look-a-like site controlled by the hackers, Cluley said.

The phones that are vulnerable are "jail broken" phones, where users disable key Apple security features to get around the terms of usage agreement that they are designed to enforce, Reuters reports.

It was also reported, two weeks ago, noted iPhone and Mac vulnerability researcher Charlie Miller warned users that jailbreaking their iPhone puts them at greater risk from attack.

The Duh worm uses the command-and-control strategy employed by traditional PC-based botnets to hijack data from the compromised device, then send it to a central server operated by the attackers, Wisniewski said. The server appears to be based in Lithuania, but the worm itself was probably crafted by Dutch hackers.

One task of Duh is to steal SMS-based authentication codes that some banks use to protect customers who are conducting financial transactions from their iPhones.

"Historically, hackers haven't been able to defeat the mTAN technology," said Wisniewski, talking about the mobile transaction authentication numbers that some banks send to customers as a second layer of authentication. When a user logs into a bank that supports mTAN, he or she receives a six-digit code that must be entered within the next 90 seconds to prove ownership of the account, Computerworld reports.

News agencies also report, incidentally, the worm doesn't just put up a fun picture or just spread it self, it steals data off the iPhone and sends it to the C&C server before yielding control to that server.

David Harley at Eset says the fact that the C&C server is down isn't necessarily good news.It could mean that control has been passed to a new server or some other change in botnet infrastructure makes it appear to be down. Or it could simply be that the ISP took the system down.

I want to repeat that this only affects iPhones that have been jailbroken and on which the user has installed SSH. I don't have a lot of first-hand experience with iPhones, but I'm told that a lot of the techier users who jailbreak iPhones go on to install a slew of UNIX tools including SSH as a package, and that this is why a lot of users are vulnerable. But I don't think anyone has any numbers or sense of how widespread the vulnerability is, PC Magazine reports.