Online Security, Safety, Tips, Compliance, Standard
IPhone / SmartPhone Security
There have been several well-known threats to the iPhone, which include:
- “Rick Astley” Rickrolling worm – non-malicious; affects only jailbroken (unlocked to specific carrier) iPhones on which the default password has not been changed. When an iPhone is jailbroken, it installs an OpenSSH daemon (I found this very strange!) which is left running on the device. The worm itself only changes the background to a picture of Rick Astley (the 90’s pop star) with the words “ikee is never going to give you up”. It is commonly referred to as either the Rickrolling or ikee worm.
- A second worm, based on the same vulnerability as the Rickrolling/ikee one, is malware named iPhone/Privacy.A. “This worm sits on a PC and scans the IP space for signs of a Wi-Fi-connected iPhone with the default SSH password. Once it finds one it siphons all the user’s personal data, including e-mail, contacts, photos and other data.” This was identified by Intego, a Mac security software firm, shortly after the ikee worm.
- http://blog.intego.com/2009/11/11/intego-security-memo-hacker-tool-copies-personal-info-from-iphones/
- A third worm is even more malicious and is a phishing attack (probably will be called the ING worm?), as it redirects users to a false ING website to try to extract client information from the victim. This has not been named, and there may not yet be a fix for this apart from resetting the phone back to factory default.
- Charlie Miller / Blackhat 2009 demonstrated an SMS vulnerability where all iPhones were affected (not just jailbroken phones). This exploits a vulnerability in the way the phone handles memory for SMS and is largely caused by a flood of SMS control messages to the phone, which either crashes or reboots the phone or gives the attacker access to execute malicious code! This also affects Google’s Android operating system, but there is not much detail on that. As I understand, Apple has released a patch to resolve the issue. More information here:
- http://arstechnica.com/apple/news/2009/07/apple-patching-critical-sms-vulnerability-in-iphone-os.ars
- Mid-November iPhone botnet – again against ‘jailbroken’ iPhones. Many are still actively trying to connect to the botnet controller, but this is down. I found some updated information on the XS4ALL site: http://www.xs4all.nl/veiligheid/security.php. The XS4ALL security group found this botnet worm.
- Another “ransomware” worm for jailbroken phones, which a Dutch hacker is using to exploit the SSH vulnerability. There is a fair bit of information on this that I found on Intego as well. The hacker is trying to get money from people who are infected; more information is on Intego as well.
There are vulnerability scanners which can detect jailbroken phones (Beyond Security and Nessus). I am sure the other vulnerability scan vendors will also have a method to detect a jailbroken iPhone. As the device is now much like a handheld PC, it is susceptible to any vulnerabilities that hackers find, so it is important to keep the devices updated with Apple updates, much like we are used to with Windows PCs. Most of these attacks are based on the SSH vulnerability for jailbroken phones – users who have not changed the default password are at risk. The SMS attack, though, demonstrates that there can still be vulnerabilities in non-jailbroken iPhones as well.
I guess, though, from a service provider perspective, if a user has jailbroken their phone then that is their bad luck if they are attacked, though such attacks, particularly botnet-type threats, may give customers some very high and unexpected usage bills! They say approximately 8% of iPhones are jailbroken, and that iPhones account for 50% of the smartphone market now.
I am still trying to find out if IDP/IDS devices can detect signatures based on iPhone attacks. This should be possible, though I have not been able to find any specific information on signatures and whether these are an effective means to combat these threats.
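As an added illustration (not part of the original post and not a vendor IDS signature), here is a network-side heuristic for the SSH-scanning behaviour the worms above depend on: it flags any source that tries TCP port 22 on many distinct addresses within a short window. The flow records, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

SSH_PORT = 22
WINDOW_SECONDS = 60    # assumed sliding window
DISTINCT_TARGETS = 5   # assumed threshold; tune to the network being monitored

# Constructed flow records: (epoch seconds, source IP, destination IP, destination port)
SAMPLE_FLOWS = (
    # fast sweep of port 22 across six addresses in ten seconds
    [(1000 + 2 * i, "10.0.0.23", f"10.0.1.{i + 1}", 22) for i in range(6)]
    # six SSH connections spread over ten minutes
    + [(1000 + 120 * i, "10.0.0.77", f"10.0.2.{i + 1}", 22) for i in range(6)]
    # an administrator reaching two hosts, plus unrelated HTTPS traffic
    + [(1005, "10.0.0.50", "10.0.1.9", 22),
       (1030, "10.0.0.50", "10.0.1.10", 22),
       (1010, "10.0.0.23", "198.51.100.7", 443)]
)


def find_ssh_scanners(flows, window=WINDOW_SECONDS, threshold=DISTINCT_TARGETS):
    """Return {source: peak distinct SSH targets within one window} for
    every source that reaches the threshold."""
    recent = defaultdict(deque)  # source -> (timestamp, destination) inside the window
    flagged = {}
    for ts, src, dst, dport in sorted(flows):
        if dport != SSH_PORT:
            continue
        seen = recent[src]
        seen.append((ts, dst))
        # Drop connection attempts that have aged out of the sliding window.
        while seen and ts - seen[0][0] > window:
            seen.popleft()
        targets = len({d for _, d in seen})
        if targets >= threshold:
            flagged[src] = max(flagged.get(src, 0), targets)
    return flagged


if __name__ == "__main__":
    for source, count in find_ssh_scanners(SAMPLE_FLOWS).items():
        print(f"{source} contacted {count} distinct hosts on tcp/22 within {WINDOW_SECONDS}s")
```

A slow scan stays under this threshold, so a longer window can be run alongside the short one at the cost of more false positives from legitimate administration hosts.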
This entry was posted by Tokwear on February 8, 2010 at 6:30 PM, and is filed under Phone Security.