iPhone Trojan Sign of Things to Come?

climber writes "Just days after the first scareware for OSX, researchers are pondering the problems of an iPhone exploit that could lead to larger issues. The Trojan pulls legitimate apps off the phone if you try to remove it, but it only infects iPhones that have 'been modified or opened through a security hole in the system.' Though this worm is more of an annoyance than anything else, it could be a proof of concept for a more serious attack. 'The fear is hackers may be experimenting and gathering research that will increase the dangers of a more malicious attack in the near future. It is clear at least one writer -- the author of this piece at Web Worker Daily -- thinks that the iPhone should be left on the dresser in the morning. She offers several reasons that the device isn't a good corporate tool.'"

Re:Stuffed shirts

[Ferzerp]

You do realize that in many (most?) cases, we are mandated by law to protect our information on mobile devices with passwords/encryption?

I'm a huge advocate of personal freedom, but on an enterprise-class mobile device, support for centraly managed policy is a MUST to comply with HIPAA, SOX, etc.

1984 does not apply to a corporate environment, sorry.

Re:"dangers of a more malicious attack"

[Your.Master]

I don't think "unlocked" is the right word for a hacked iPhone. They were hacked through a security hole. So by "fix" he may well mean "close the security holes". You know. Fix the security bug.

Of course, people who hack it to hell and then don't ever upgrade again (in fear of bricking or whatever), their phones can't be fixed by their own actions.

Re:"dangers of a more malicious attack"

[die444die]

That security hole has been closed for a while, which is why you can find people trying to downgrade their iPhones back to 1.1.1 which will reintroduce the security hole, allowing them to jailbreak their phones again. The phones were infected when users who had already intentionally jailbroken their phones downloaded a new application from an unsafe software repository.

Re:What rock was she hiding under?

[Anonymous Coward]

I assume you've never seen or used a BES (Blackberry Enterprise Server) in a medium or large corporate environment.
Maybe the iPhone is easier if your corporation is less than 10 users and John is your trusted IT guy. Do that many companies really allow direct access to POP/IMAP/SMTP from the random internet to the corporate email system? You can fire up Thunderbird and connect to your companies email? Not a single place that I've worked has done that. Really.
One person can maintain thousands of crackberries from one console. "Maintain" means provision, destroy, deploy, maintain, monitor, manipulate, update, and configure all aspects of the device. You can even see who currently has a signal and when their device was last seen somewhere in the world and when it last sent and received email, feedback on if your changes made it to the device and the response, update passwords, encyption keys, service books, see if new policies were applied to the device, how many messages are queued for delivery, and email alerts to yourself or a syslog when a certain % of all of your users are not getting coverage or the queue backs up. You can erase and wipe out the units with tracking if the device got that signal or not.