Tag Archives: iphone

iPhone worms can create mobile botnets

1
Posted by Tech Paranoia on December 22, 2009 – 10:00 am
Filed under Malware
Tagged as ,

A detailed analysis of the most malign in a recent spate of iPhone worms points to future mobile botnet risks.

The IKee-B iPhone worm, released in late November, exploited default root passwords on jailbroken iPhones to turn the smartphones into botnet clients under the control of a server based in Lithuania. The worm affected iPhone users in The Netherlands, and specifically targeted customers of Dutch online bank ING Direct.

Security researchers at SRI International – noted for top notch work in dissecting the Conficker botnet – published an analysis of the iPhone botnet on Monday that warns users of Apple’s device and similar smartphones to expect more of the same in future. Warnings about mobile malware have been circulating for years. But it’s only since the advent of iPhones and other smartphones, allowing decent internet access with what’s essentially a mini-computer, that such risks have become tangible, rather than the stuff of anti-virus vendor PowerPoint slides, SRI warns.

Unlike the previous generation of cell phones that were at their worst susceptible to local Bluetooth hijacking, modern Internet-tethered cellphones are today susceptible to being probed, fingerprinted, and surreptitiously exploited by hackers from anywhere on the internet.

Although the iKee.B botnet discussed here admittedly offers a rather limited growth potential, iKee.B nevertheless provides an interesting proof of concept that much of the functionality we have grown to expect from PC-based botnets can be easily migrated into a lightweight smartphone application. iKee.B demonstrates that a victim holding an iPhone in Australia can be hacked from another iPhone located in Hungary, and forced to exfiltrate its user’s private data to a Lithuania C&C server, which may then upload new instructions to steal financial data from the Australian user’s online bank account. While it is unclear just how well prepared smartphone users are to this new reality, it is clear that malware developers are preparing for this new reality right now.

SRI’s researchers conclude that although the Ikee-B worm is simpler than its PC relatives, it comes with the potential to evolve in something even nastier.

The iKee bot is one of the latest offerings in smartphone malware, in this case targeting jailbroken iPhones. While its implementation is simple in comparison to the latest generation of PC-based malware, its implications demonstrate the potential extension of crimeware to this valuable new frontier of handheld consumer devices.

Source: The Register

Operation Chokehold Begins Today

0
Posted by Tech Paranoia on December 18, 2009 – 12:47 pm
Filed under Voice
Tagged as , , ,

Operation Chokehold, the plan by Fake Steve Jobs to overwhelm the ATT data network in protest of recent comments by ATT CEO Ralph de la Vega, begins today at noon PST.

Whether or not this protest will have an effect on the  network is yet to be seen and there has been some backlash against the plan by ATT and the FCC as seen here.

Fake Steve Jobs has some last minute comments regarding the protest.

Will you be participating? Were you affected by any data outages during this protest? Leave a comment and let us know!

Fake Steve Jobs Encourages Users To Join Operation Chokehold

2
Posted by Tech Paranoia on December 15, 2009 – 4:00 pm
Filed under News, Voice
Tagged as ,

Hot on the heels of AT&T CEO Ralph de la Vega’s announcement that the carrier would be pursuing tiered pricing for data plans, Fake Steve Jobs took AT&T to task. Ah, but he didn’t stop there. Fake Steve has a plan to bring AT&T to its knees on Friday: Operation Chokehold.

Already amazed at the fact that AT&T is complaining about how users love the iPhone so much that 3 percent of its users use 40 percent of the bandwidth, Fake Steve has an idea to have 100 percent of iPhone users snag 100 percent of AT&T’s bandwidth. Operation Chokehold is the idea of Fake Apple engineers, who proposed the following scenario via email:

Subject: Operation ChokeholdOn Friday, December 18, at noon Pacific time, we will attempt to overwhelm the AT&T data network and bring it to its knees. The goal is to have every iPhone user (or as many as we can) turn on a data intensive app and run that app for one solid hour. Send the message to AT&T that we are sick of their substandard network and sick of their abusive comments. THe idea is we’ll create a digital flash mob. We’re calling it in Operation Chokehold. Join us and speak truth to power!

The idea has become viral. There is now a Facebook page dedicated to Operation Chokehold, and Fake Steve didn’t even have to create it himself.

Source: HotHardware

Droid Smartphone Hacked

0
Posted by Tech Paranoia on December 11, 2009 – 10:32 am
Filed under Hacks
Tagged as , ,

First the iPhone, now the Droid: A hacker has unleashed an exploit that lets a user wrest administrative root control of his or her Motorola Droid smartphone.

The code, which was posted on the AllDroid online forum, lets a user gain root privileges to either Motorola Droid Android 2.0 or Android 2.0.1 version phones. That basically means a user can run whatever themes, gadgets, and applications he or she wants — akin to a jailbroken iPhone. The Droid, which is based on Google’s Android operating system, runs on Verizon’s network.

Unlocking or jailbreaking comes with its risks, too, of course: Not only could it possibly “brick” or render the device unoperational and deactivate its warranty, but a jailbroken phone also leaves the door open for malware writers.

Andrew Storms, director of security operations for nCircle, says the danger to enterprises is that users could then work around any IT security policies. “I’m telling IT, ‘Don’t ignore people coming back after Christmas with their new Droids,’” Storms says. “They are going to want them for work, and you have to get one and see what you can do to reach a compromise.”

Treat mobile devices like laptops, he says. “Now you have this mobile device where an end user can continually make any changes that he desires. Now it becomes an untrusted platform, and it’s unknown what the user has done, installed, or subverted,” whether the user realizes it or not, he says. “Enterprise IT should be concerned.”

Full article at: DarkReading

Apple Expels 1,000 Apps From Store After Developer Scam

0
Posted by Tech Paranoia on December 10, 2009 – 3:00 pm
Filed under Software
Tagged as ,

Apple has sent a clear message to any developers who try to game its iTunes App Store. Software developer Molinker has been kicked out, along with more than 1,000 of its iPhone applications.

The Chinese developer had, according to some estimates, 1,000-plus applications in the store, most of which were copycat knockoffs of existing applications. When the friend of writers at the iPhoneography photography blog saw these rather poor applications consistently scoring 5-star reviews, they got suspicious. Some investigation showed that Molinker’s applications were getting many top ratings and almost nothing in the 2-to-4-star range. In fact, the only other ratings were often 1-star, and likely the only truthful feedback on the apps’ pages.

iPhoneography wrote a long letter to Apple’s marketing boss, Phil Schiller, and posited that Molinker was giving out promotional codes — essentially free copies of the applications — in return for these 5-star reviews. In almost all cases, these reviews were poorly written, and came from customers who almost exclusively reviewed just Molinker applications.

This scam was so effective that the applications regularly rose to the tops of charts. One, called ColorMagic, even made it into the Staff Favorites section of the store (which brings some doubt as to whether these are actually staff picks at all).

After a week of typical Apple silence, iPhoneography wrote again, and received a reply direct from Schiller: “Yes, this developer’s apps have been removed from the App Store and their ratings no longer appear either.”

Full article at: Wired

iPhone data harvesting from non-jailbroken devices

0
Posted by Tech Paranoia on December 4, 2009 – 3:00 pm
Filed under Viruses
Tagged as

Nicholas Seriot, a HES software engineer and iPhone developer and trainer held a presentation 2 days ago in Geneva. The subject of the talk was iPhone privacy. He demonstrated how non-jailbroken devices can be harvested for personal data using malicious applications.

He started the talk by enumerating the various instances of iPhone privacy and security issues that have reached the main press lately: a swiss app for iPhone was banned from the AppStore because after a few days someone would call the users and try to sell them the full version; a number of worms infected jail-broken iPhones in November (5€ ransom worm, Ikee,Duh/Ikee.B, etc.); an iPhone application editor from California is sued because its applications harvest users’ cellphone numbers.

Security firms are itching for a chance to develop an anti-virus solution for the iPhone because – they say – the demand is great.

Source: Help Net Security

BlackBerry security exec warns of smartphone DDoS attacks

0
Posted by Tech Paranoia on November 19, 2009 – 4:00 pm
Filed under Security, Voice
Tagged as , , ,

BlackBerry and smartphone security in general hasn’t garnered much attention or concern over the past few year, at least from a consumer, or user, perspective. Enterprises have been invested in mobile device security since the advent of the PDA.

But that’s going to have to change, thanks largely to the vast number of consumers embracing new, flashy smartphones like Apple’s iPhone, Motorola’s Droid and Research In Motion’s (RIM) BlackBerry Bold 9700.

This plethora of new smartphone users means the potential for gain by hackers or other online baddies looking to crack smartphone security measures is drastically increasing. The more smartphone users, the more devices that could potentially be commandeered and used in various attacks. That means smartphone users are going to have to smarten up when it comes to mobile security awareness and be more vigilant in spotting and stopping potential problems before they happen.

More at: Computerworld