08 Dec 2009 @ 3:06 PM 

While the Mac OS may be almost impervious to trojans and viruses, the iPhone isn’t.
In recent weeks there have been three different trojans aimed at taking control of jailbroken iPhones, and one of them tries to steal any banking data stored on the phone! As more and more banks release iPhone apps to make banking on the move easier, the possible attack vector for the malware’s creators gets larger.

This article covers what the risks are and how to prevent this type of attack…

The latest wave of iPhone attacks has revolved around one primary issue: jailbroken iPhones.
A simple explanation of jailbreaking, quoted from Wikipedia:

Jailbreaking is a process that allows iPhone and iPod Touch users to run unofficial code on their devices bypassing Apple’s official distribution mechanism, the App Store. Once jailbroken, iPhone users are able to download many applications previously unavailable through the App Store via unofficial installers such as Cydia, Rock App, Icy, and Installer. Cydia is preferred by the community, while Rock App has a small catalog of mainly paid apps. Icy and Installer are officially unsupported by their developers and rarely used. Cydia founder Jay Freeman estimates that 4 million (out of 40 million) iPods and iPhones are jailbroken.[1] A jailbroken iPhone or iPod Touch is still able to use and update apps downloaded and purchased from Apple’s official App Store.

Jailbreaking is distinct from SIM unlocking, which is the process by which a mobile device is made compatible with telephone networks with which it was not specifically licensed to be used. Jailbreaking, while not illegal, gives a user the option to install cracked (pirated) apps, which is illegal. Jailbreaking voids Apple’s warranty on the device.

The iPhone trojan attacks started as silly “Rick Rolling” hacks, but quickly turned into fully fledged bank phishing software!

These trojans will only affect you if you have jailbroken your iPhone to work with unofficial software and games and have not changed the password of the default SSH account created by “unlocking” your iPhone.

The most harmful trojan is currently known as “iPhone firmware 1.1.3 prep”, or “113 prep”.
It is written in Python and allows hackers access to the victim’s device from a computer running Windows, OSX/Unix and Linux. Nearly any data stored on the iPhone can be stolen and this trojan allows them to do just about anything with the stolen data.

Just think if this malware accessed your messages, bank account, PayPal account, or other apps containing sensitive information.
It could very easily turn nasty.

Below is a simple guide on how to prevent this happening…

Secure Your iPhone’s SSH Password!

Here’s how to change the default SSH password on a jailbroken iPhone:

1. Make sure you have Cydia installed on your jailbroken device. If you don’t already have MobileTerminal installed, launch Cydia and tap the ‘Search’ tab in the bottom navigation bar.

2. Type ‘MobileTerminal’ in the search field and select the first result. Select ‘Install’ in the top right corner and tap ‘Confirm’ on the next screen. MobileTerminal will now be installed on your device. Then tap ‘Return to Cydia’ and tap the home button.

3. Navigate to the newly installed ‘MobileTerminal’ application and tap to open.

4. In MobileTerminal, type “su root” and tap return. It will ask you for a password; enter “alpine” and tap return again.

5. Now, type “passwd” and then tap return. Type in a new password such as “secret” (but not a word in the dictionary!) and tap return. Retype the new password to confirm and then tap return one last time to change the password.

6. Your SSH password is now changed, and your device is protected against attacks that log in over SSH with the default password.
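After step 5 it is worth confirming that the old password is really gone from the device. The script below is an added example, not part of the original post: it records root's hash before `passwd` is run and afterwards lists every account that still carries it. It assumes the password file is `/etc/master.passwd` in the BSD layout (hash in the second field); the sample entries and hash strings are constructed placeholders.

```sh
# Added example: list accounts that still carry a known old password hash.
# Assumed layout: name:hash:uid:gid:class:change:expire:gecos:home:shell

# Print the hash field (field 2) of one account.
hash_of() {  # usage: hash_of FILE USER
    awk -F: -v u="$2" '$1 == u { print $2; exit }' "$1"
}

# Print every account whose hash equals HASH, one name per line.
# Locked or empty markers ("*", "!...", "x", "") are never treated as a match.
accounts_with_hash() {  # usage: accounts_with_hash FILE HASH
    case "$2" in ''|'*'|'!'*|x) return 0 ;; esac
    awk -F: -v h="$2" '$1 !~ /^#/ && $2 == h { print $1 }' "$1"
}

# Print accounts in FILE that still use OLD_HASH; return 1 if any are left.
audit_after_change() {  # usage: audit_after_change OLD_HASH FILE
    left=$(accounts_with_hash "$2" "$1")
    [ -z "$left" ] && return 0
    printf '%s\n' "$left"
    return 1
}

# Constructed sample data: two login accounts sharing one placeholder hash.
sample_before() {
    cat <<'EOF'
root:DEFAULTHASH00:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:DEFAULTHASH00:501:501::0:0:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
EOF
}
# The same file after only root's password was changed with passwd.
sample_after() {
    sample_before | sed 's/^root:DEFAULTHASH00:/root:NEWHASHVALUE1:/'
}

# On the device, as root (file path is an assumption):
#   old=$(hash_of /etc/master.passwd root)         # before step 5
#   audit_after_change "$old" /etc/master.passwd   # after step 5
```

Any account name it prints still has the old password and needs its own `passwd` run.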

Posted By: Abe
Last Edit: 05 Jan 2010 @ 01:54 PM

Categories: Security