A new iPhone worm is targeting Dutch iPhone users and trying to steal their banking information for ING, according to F-Secure and a BBC news report.
The worm attacks iPhone users who have installed OpenSSH and not changed the default password. This vulnerability is similar to establishing a Wi-Fi network and not changing the default password on your router. If you have OpenSSH installed on your iPhone please follow these directions to change your password.
Once compromised, a users iPhone will redirect ING customers to a lookalike site with a log-in screen.
"It's the second iPhone worm ever and the first that's clearly malicious - there's a clear financial motive behind it," F-Secure research director Mikko Hypponen told the BBC.
"It's fairly isolated and specific to Netherlands but it is capable of spreading."
A spokesperson for ING Bank told BBC that a warning was going to be put on the bank's official website.
"We are also briefing call centre personnel," she added. "It's important to remember that the worm only affects jail-broken phones and it is only aimed at customers in the Netherlands."
Sadly, these attacks coupled with questionably worded journalism is likely to put jailbreaking in a negative light. A reminder to those reading, jailbreaking does NOT put your iPhone at risk. Installing SSH, a communication protocol, without setting a unique password, does.
Users who have jailbroken and unlocked using BlackRa1n and BlackSn0w are NOT at risk unless they specifically used Cydia to install OpenSSH, left it running, and did not personalize their password.
Read More
The worm attacks iPhone users who have installed OpenSSH and not changed the default password. This vulnerability is similar to establishing a Wi-Fi network and not changing the default password on your router. If you have OpenSSH installed on your iPhone please follow these directions to change your password.
Once compromised, a users iPhone will redirect ING customers to a lookalike site with a log-in screen.
"It's the second iPhone worm ever and the first that's clearly malicious - there's a clear financial motive behind it," F-Secure research director Mikko Hypponen told the BBC.
"It's fairly isolated and specific to Netherlands but it is capable of spreading."
A spokesperson for ING Bank told BBC that a warning was going to be put on the bank's official website.
"We are also briefing call centre personnel," she added. "It's important to remember that the worm only affects jail-broken phones and it is only aimed at customers in the Netherlands."
Sadly, these attacks coupled with questionably worded journalism is likely to put jailbreaking in a negative light. A reminder to those reading, jailbreaking does NOT put your iPhone at risk. Installing SSH, a communication protocol, without setting a unique password, does.
Users who have jailbroken and unlocked using BlackRa1n and BlackSn0w are NOT at risk unless they specifically used Cydia to install OpenSSH, left it running, and did not personalize their password.
Read More