Page last updated at 10:26 GMT, Monday, 23 November 2009

New iPhone worm can act like botnet say experts

iPhone
Jail-breaking an iPhone handset invalidates the warranty says Apple.

A second worm to hit the iPhone has been unearthed by security company F-Secure.

It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING.

It redirects the bank's customers to a lookalike site with a log-in screen.

The worm attacks "jail-broken" phones - a modification which enables the user to run non-Apple approved software on their handset.

The handsets at risk also have SSH (secure shell) installed.

Many people use SSH so other programs can remotely connect to an iPhone and, among other things, transfer files. It comes with a default password, "alpine" which should be changed.

Only users who have installed SSH and not changed the password are at risk.

The new worm is more serious than the first because it can behave like a botnet, warns F-Secure.

This enables the phone to be accessed or controlled remotely without the permission of its owner.

'Clearly malicious'

"It's the second iPhone worm ever and the first that's clearly malicious - there's a clear financial motive behind it," F-Secure research director Mikko Hypponen told the BBC.

"It's fairly isolated and specific to Netherlands but it is capable of spreading."

He added although the number of infected phones was thought to be in the hundreds rather than thousands, the worm could jump from phone to phone among owners using the same wi-fi hotspot.

A spokesperson for ING Bank said that a warning was going to be put on the bank's official website.

"We are also briefing call centre personnel," she added. "It's important to remember that the worm only affects jail-broken phones and it is only aimed at customers in the Netherlands."

The first iPhone worm, called ikee, was harmless. Users with infected phones found their wallpaper replaced with a picture of 1980s popstar Rick Astley.

It also targeted jail-broken phones which were SSH enabled.

Its creator Ashley Towns said he wrote the ikee program in order to raise the issue of iPhone security.



Print Sponsor


SEE ALSO
Worm attack bites at Apple iPhone
09 Nov 09 |  Technology
Apple removes anti-virus advice
03 Dec 08 |  Technology
Windows virus bites Apple iPods
18 Oct 06 |  Technology
Can Microsoft make its future mobile?
15 Dec 08 |  Business
Apple announces cheaper 3G iPhone
09 Jun 08 |  Technology
Boom times ahead for smartphones
27 Aug 04 |  Technology
Palm unveils smartphone at show
09 Jan 09 |  Technology
Looking back to Apple's future
23 Jan 09 |  Technology
Apple posts best quarterly profit
21 Jan 09 |  Business
Apple spoils iPhone forgery plans
07 Jan 09 |  Technology
Digital rights war looms ahead
13 Jan 09 |  Technology

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites


FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

BBC navigation

BBC © 2013 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific