Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

iPhone Trojan Sign of Things to Come?

Posted by Zonk on Wed Jan 16, 2008 04:43 PM
from the im-in-ur-iphone-removin-ur-apps dept.
Worms Hardware Apple
climber writes "Just days after the first scareware for OSX, researchers are pondering the problems of an iPhone exploit that could lead to larger issues. The Trojan pulls legitimate apps off the phone if you try to remove it, but it only infects iPhones that have 'been modified or opened through a security hole in the system.' Though this worm is more of an annoyance than anything else, it could be a proof of concept for a more serious attack. 'The fear is hackers may be experimenting and gathering research that will increase the dangers of a more malicious attack in the near future. It is clear at least one writer -- the author of this piece at Web Worker Daily -- thinks that the iPhone should be left on the dresser in the morning. She offers several reasons that the device isn't a good corporate tool.'"

Related Stories

[+] Apple: Fake Codec is Mac OS X Trojan 473 comments
Kenny A. writes "Multiple news organisations are reporting on an in-the-wild Mac OS X malware attack that uses porn lures to plant phishing Trojans on Mac machines. The attack site attempts to trick users into download a disk image (.dmg) file disguised as a codec that's required for viewing the video. If the Mac machine's browser is set to to open 'Safe' files after downloading, the .dmg gets mounted and the Installer is launched. The target must click through a series of screens to become infected but once the Trojan is installed, it has full control of the machine."
[+] IT: First Scareware For the Mac 301 comments
I Don't Believe in Imaginary Property sends us news from F-Secure of what they claim is the first rogue cleaning tool for the Mac. MacSweeper is a Mac version of Cleanator, hosted from a colo somewhere in the Ukraine. The article points out that the company's About page is lifted verbatim from Symantec's site. With the Mac's market share closing in on double digits, perhaps it's not surprising to see the platform targeted with crapware as PCs have been for years. The F-Secure author adds as a footnote that a journalist said to him something you don't hear every day: "I visited the macsweeper.com website. I know I probably shouldn't have but I used a Windows PC so I knew I wouldn't get infected."
Firehose:iPhone Trojan by climber (53359)
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

iPhone Trojan Sign of Things to Come? 25 Comments More | Login /

 Full
 Abbreviated
 Hidden
More | Login
Keybindings Beta
Q W E
A S D
Loading ... Please wait.

  • What rock was she hiding under? (Score:5, Insightful)

    by dreamchaser (49529) <trellis66@NoSPAM.verizon.net> on Wednesday January 16, @04:48PM (#22071188) Homepage Journal
    She offers several reasons that the device isn't a good corporate tool.'"

    It's not even a *bad* corporate tool. It's a consumer device and was never meant (in its current incarnation) to be used for corporate uses. You can't even get one if your AT&T number is registered via a business account. It's like saying "this plum isn't a very good orange."

    Idiot.

    • Re:What rock was she hiding under? (Score:4, Funny)

      by Anonymous Coward on Wednesday January 16, @05:04PM (#22071396)
      I'll bet you she's a good corporate tool.
      [ Parent ]

    • Re:What rock was she hiding under? (Score:5, Funny)

      by OECD (639690) on Wednesday January 16, @05:06PM (#22071422) Journal

      It's a consumer device and was never meant (in its current incarnation) to be used for corporate uses.

      Also, it does not toast my bread AT ALL evenly. I am sorely disappointed with my purchase!

      Also, what does that link have to do with the rest of the summary?

      [ Parent ]

    • Re:What rock was she hiding under? (Score:4, Interesting)

      by arminw (717974) <aawmail.waterfreeclean@com> on Wednesday January 16, @05:10PM (#22071466)
      .....It's a consumer device and was never meant.....

      True, but even so, many executives have bought iPhones and ordered their reluctant IT dept. to support them. When the big boss speaks, most underlings do listen and try to please him/her. So, IT folks out there, you might as well figure on supporting the iPhone, even if Apple doesn't market it for corporate users. The big boss may come in sooner than you figure and DEMAND support for his/her shiny new iPhone.
      [ Parent ]

      • Re: (Score:3, Insightful)

        by Cro Magnon (467622)
        Same Old Stuff. IT should be used to supporting stuff that isn't ready for the Enterprise *cough*Windows*uncough*

        • Re:What rock was she hiding under? (Score:4, Insightful)

          by arminw (717974) <aawmail.waterfreeclean@com> on Wednesday January 16, @06:15PM (#22072362)
          ....... IT should be used to supporting stuff that isn't ready for .....

          But isn't that the fun and interesting part of an IT job. Coming up with clever solutions that others have not already thought of and pre-chewed and partially digested is what makes the life of a real engineer challenging and fun. This includes supporting Windows, possibly in ways and with methods the folks in Redmond have not even dreamed up yet.
          [ Parent ]

        • Re:What rock was she hiding under? (Score:5, Interesting)

          by Bert64 (520050) <bertNO@SPAMslashdot.firenzee.com> on Wednesday January 16, @06:10PM (#22072300) Homepage
          To support it? An iphone is a lot less hassle to support from a corporate perspective than other types of device such as blackberry...
          It uses standard IMAP, with support for SSL.. Standard SMTP with support for TLS...
          It can even VPN, using standard l2tp/ipsec.
          You don't need any additional software, assuming you're running systems that support the appropriate standards. Yes, the iphone does have some shortcomings but being a hassle to support is not one of them. It's just a case of people being scared of what they don't know.
          [ Parent ]

  • So FUD... and a non sequitur (Score:5, Insightful)

    by revscat (35618) on Wednesday January 16, @04:50PM (#22071202) Journal

    'The fear is hackers may be experimenting and gathering research that will increase the dangers of a more malicious attack in the near future. It is clear at least one writer -- the author of this piece at Web Worker Daily -- thinks that the iPhone should be left on the dresser in the morning. She offers several reasons that the device isn't a good corporate tool.'

    So the summary starts off being nothing more than FUD, and since that won't hold water descends quickly -- albeit nonsensically -- into a completely different topic.

    I guess Zonk hates the iPhone. Or is looking for page views. Or something. *shrug* Whatever, none of this makes a lick of sense.

    • "dangers of a more malicious attack" (Score:5, Insightful)

      by Schraegstrichpunkt (931443) on Wednesday January 16, @05:06PM (#22071430) Homepage

      The fear is hackers may be experimenting and gathering research that will increase the dangers of a more malicious attack in the near future.
      So the summary starts off being nothing more than FUD, and since that won't hold water descends quickly -- albeit nonsensically -- into a completely different topic.

      No kidding. News flash: If the iPhone is vulnerable, then the "dangers of a more malicious attack" are already there. The solution is to fix the iPhone, not to bitch and fearmonger about "hackers ... experimenting and gathering research".

      [ Parent ]

    • Re:So FUD... and a non sequitur (Score:5, Interesting)

      by Firehed (942385) on Wednesday January 16, @06:32PM (#22072556) Homepage
      Sounds about right. This so-called 'worm' is nothing more than a useless file - THAT YOU HAVE TO CHOOSE TO INSTALL - with a bad uninstaller script. It's about as much a worm as typing 'sudo rm -rf /' into the terminal because some stranger on the internet said it's a good idea (for the uninformed, it's a great idea, and definitely try it and give it your root password when prompted)*.

      The only known actual exploit on the iPhone is the TIFF exploit that JailBreakMe.com uses for powers of good (which, while jailbreaking the phone, also patches the exploit it used to do so). People that didn't use that hack likely updated to 1.1.2 firmware, which also patches that hole.

      No, it's (most irrelevantly) not a corporate blackberry replacement. It's not really perfect at anything, though I'll say that the solitaire game really lends it self fantastically to the touch interface. But unlike most multifunction devices which really half-ass everything, it does most things quite well and the sacrifices made are understandable and more importantly are not deal-breakers.

      *Hey, I'm a stranger on the internet. What did you expect, candy?
      [ Parent ]

  • trojans (Score:5, Funny)

    by Anonymous Coward on Wednesday January 16, @04:53PM (#22071242)
    I was always taught that trojans were good things that you used so you wouldn't get viruses. Now you're telling me something different?

    • yes, but (Score:5, Funny)

      by EmbeddedJanitor (597831) on Wednesday January 16, @05:39PM (#22071828)
      only if you roll it out on a banana like they showed you in sex ed class.

      That's a problem I always had as a teenager. It was easy to keep a condom in your wallet, but the banana got squishy after a couple of days and made an embarrassing mess.

      [ Parent ]

  • Curious (Score:5, Interesting)

    by Nom du Keyboard (633989) on Wednesday January 16, @04:53PM (#22071250)
    Curious how this only affects unlocked iPhones. Just who is that to the benefit of?

  • Wrong (Score:5, Insightful)

    by MBCook (132727) <foobarsoft@foobarsoft.com> on Wednesday January 16, @04:56PM (#22071286) Homepage
    1. It is not a worm. That would require it to spread
    2. Software installed on systems without privilege levels (like the old days of DOS or OS 7) is allowed to do anything... duh
    3. This isn't a flaw with the iPhone. Apple's way of installing applications may prevent this kind of stuff

    Anything that starts with "replace the firmware of your device with this hacked firmware" can obviously cause you problems.

  • I'm sure a Windows Mobile phone is more secure (Score:3, Insightful)

    by EmbeddedJanitor (597831) on Wednesday January 16, @05:00PM (#22071338)
    NOT!

    If you think the Windows desktop/server security is bad you should see the Windows CE security! Again, MS have delivered an OS that was designed for a disconnected system (PDA) then tried to put a crappy fence around it to make it secure in a connected world. Too little, too late.

    As for trojans, well no matter what OS you run, a dumb enough user with sufficient priviledges can always run a trojan. Nothing new here!

  • Doesn't this only support Apple's position? (Score:5, Insightful)

    by UnknowingFool (672806) <minh_duong.yahoo@com> on Wednesday January 16, @05:01PM (#22071346)

    but it only infects iPhones that have 'been modified or opened through a security hole in the system.'

    Since the very beginning, Apple has told people not to hack the iPhone because it could endanger the functionality and security of the device. Those who did could suffer when Apple updated the firmware. Now it appears hackers have found a way to compromise the iPhone because it had been already been compromised. By the way, the first hack into the iPhone require physical access to the phone so it's not like you surfing in your coffee shop will get you a Trojan. Someone first has to steal your phone and then hack it for this Trojan to work remotely.

  • Dresser (Score:5, Insightful)

    by Fnord666 (889225) on Wednesday January 16, @05:04PM (#22071400)
    From the summary

    It is clear at least one writer -- the author of this piece at Web Worker Daily -- thinks that the iPhone should be left on the dresser in the morning. She offers several reasons that the device isn't a good corporate tool.'"
    The author of the linked piece at Web Worker Daily said no such thing. In fact, the author didn't express a personal opinion one way or the other about the matter. The author was quoting a piece [forrester.com]written by Benjamin Gray, who works for Forrester.

    From the linked article

    At least, that's the conclusion coming out of Forrester, whose analyst Benjamin Gray, lists 10 reasons why the iPhone is not yet ready to be an enterprise-class mobile device.
    I will have to take the Web Worker Daily's word for it though, since I don't feel like ponying up $279 for a 6 page pdf.

    • Re: (Score:3, Insightful)

      by E-Rock (84950)
      It isn't a business device, but then I don't really think that's what it was designed to do in the first place. The iPhone doesn't play well with corporate data. POP e-mail isn't even available as a pull service from some companies and there is nothing t

  • Attack of the Weasels (Score:4, Insightful)

    by Bullfish (858648) on Wednesday January 16, @05:17PM (#22071558)
    Sadly, this is another sign that as Apple products grow in popularity that they will attract the attention of the weasels. Whether or not the statements the weasels make hold any water, or whether or not the scares turn out to be true, the weasels are arriving.

  • If I had mod points... (Score:5, Insightful)

    by zieroh (307208) on Wednesday January 16, @11:21PM (#22076128)
    If I had mod points, could I mod the entire article down?

  • Oh. And. (Score:4, Insightful)

    by Swift2001 (874553) on Thursday January 17, @06:58AM (#22078718)
    When Apple said, "Hey, you find a security hole to install third-party software, we're going to have to close the hole," everybody yelled and screamed. Now someone's using the back door that the hackers found. Well, as Gomer used to say, "Surprise, surprise." I wonder if the new software update closes that hole.

    • Re:Stuffed shirts (Score:5, Informative)

      by Ferzerp (83619) on Wednesday January 16, @04:58PM (#22071306)
      You do realize that in many (most?) cases, we are mandated by law to protect our information on mobile devices with passwords/encryption?

      I'm a huge advocate of personal freedom, but on an enterprise-class mobile device, support for centraly managed policy is a MUST to comply with HIPAA, SOX, etc.

      1984 does not apply to a corporate environment, sorry.
      [ Parent ]

    • Re:Love the tags on this story (Score:5, Funny)

      by e4g4 (533831) on Wednesday January 16, @10:20PM (#22075556)
      In other news, analysts say that the XBox 360 isn't ready for primetime in the corporate market. "Out of the box, all it does is play games," said one IT professional, "it won't even let you check email without installing a rootkit called 'Linux'." A security expert from Microsoft was quick to point out that, "when used as intended - the XBox 360 is very secure. When running a software firewall called 'Halo 3' and operated by a security technician who has earned the much touted 'Legendary' certification, you can rest assured your data is safe from parasitic aliens from outer space." Another security professional was less avid: "I think for now, the 360 should stay in the living room."
      [ Parent ]
Check for more

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 SourceForge, Inc.