A dangerous new and this time certainly malicious Worm for iPhone has been discovered by F-Secure. To report the BBC find on its online site.
According to reports, the malware is affecting several hundred Dutch users who have chosen to unlock their mobile phone using the jailbreak procedure; this particular system, used today mainly to install software not coming from the App Store (including pirated software), obliges to use SSH which must be protected, in turn, by a password. Many users do not change the default one (Alpine) by exposing themselves to attack.
In the specific case, the worm appears to be very dangerous. It is in fact a real bootnet that assigns a remote user the ability to connect to the iPhone and execute commands without the knowledge of the legitimate owner of the phone. In his first "configuration", when you enter the address of the ING home banking service, you are redirected to a pirated site that tries to steal your login credentials.
F-Secure points out that the worm is currently limited to Holland and that the affected iPhones are still very few, but it does not fail to reiterate that it is a very dangerous software since it can spread from phone to phone among users who use the same Wifi hot spot. Moreover, as in other similar situations, the worm can certainly be modified both by the pirates who released it "in the original" and by other attackers.
Recall that the first real worm to exploit the hole opened in iPhone security by the jailbreak procedures combined with the imprudence of the users, required the payment of a sort of "size" in exchange for which the procedures for closing the bug. A second worm installed a desk wallpaper with the 80's singer Rick Astley. In both cases it was not possible to talk about real malware because there was no attack on the heart of the iPhone software system. In the case of the bug reported by F-Secure, however, we are faced with the first case of really dangerous software also because, as mentioned, properly exploited it provides full access to various telephone services.
Needless to say, in the case of economic damage caused by the worm in the current or future variants, it will be very difficult to put on the dock of Apple defendants who very clearly advise against the jailbreak operation.