New worm targets jailbroken iPhones for Dutch online banking customers

There are reports of a new worm that targets jailbroken iPhones and behaves like a botnet. It targets people in the Netherlands who use their iPhones for online banking with the Dutch bank ING, and the worm affects devices with SSH installed. (via Bruce Sterling)

Boing Boing editor/partner and tech culture journalist Xeni Jardin hosts and produces Boing Boing's in-flight TV channel on Virgin America airlines (#10 on the dial), and writes about living with breast cancer. Diagnosed in 2011. @xeni on Twitter. email: xeni@boingboing.net.

MORE: Technology

More at Boing Boing

Eurovision 2013: An American in London

The technology that links taxonomy and Star Trek

Myatu

In addition to the above, just do a search on “pinch media”. Analytics or Spyware? Hidden intent or no?

“Although Apple requires that applications ask if they can use your location upon launch, there aren’t necessarily requirements for app developers to disclose what data they’re tracking beyond location data, how often it’s tracked, and what they’re doing with that data when it’s received. They also don’t require that developers ask for your consent before this sort of detailed monitoring takes place”

(Quoted from http://www.readwriteweb.com/archives/dear_iphone_users_your_apps_are_spying_on_you.php)
mdh

Somehow, otherwise clever people will fail to consider that maybe this is exactly why Apple has a walled garden distribution system for iApps.
- BCJ
  
  I don’t think it is asking too much to say that if you jailbreak your phone and install ssh, that you need to change the default password.
  
  If I remember right, ssh is not installed by default, and Cedia (the jailbreak app store) warns you to change your default password.
  
  Essentially, if you know enough about ssh to want to download it, you should know enough to change the default password
mdh

If I were to download that malicious app, i could go to the Apple store with a straigh face and expect them to make me whole again.

And they would.

You go take your jailbroken phone there and do that. Expect laughter.
- BCJ
  
  Being able to take your phone into an Apple store doesn’t say anything about whether Apple’s walled garden is more secure, it merely means that Apple is a stickler for its policy.
  
  If my personal information is stolen, there is nothing that an Apple store employee can do do have it un-stolen, and if the application has broken my jailbroken phone then I can probably take it into apple anyway: if it is so broken that it won’t boot up, then there is no way the employee can tell it was jailbroken, and if it isn’t too broken to boot up, I can always hard reset it and restore it to an unjailbroken state.
Myatu

Nonsense, mdh. I could write an iPhone app, certified by Apple for distrubution through the Apps store, with a hidden intent. People are simply too gullible and just “happy-click-install” stuff they don’t really need or understand.
- BCJ
  
  Nonsense, its not like an app could get onto Apple’s store if it did something malicious like steal people’s personal data:
  http://consumerist.com/5398915/iphone-app-developer-sued-for-stealing-users-phone-numbers
Cowicide

Nonsense, mdh. I could write an iPhone app, certified by Apple for distrubution through the Apps store, with a hidden intent. People are simply too gullible and just “happy-click-install” stuff they don’t really need or understand.

Ok, Dr. Evil… try it.

See how far it gets
- Rob
  
  It can get pretty far
  - Cowicide
    
    No, you can’t
    - Rob
      
      It was there since the first version of these applications. How long was that?
      
      These guys just happened to get caught.
    - BCJ
      
      Check Rob’s link:
      “In a statement released Nov 12., Storm8 apologized for the number transmissions and said it had immediately updated its games to prevent them from doing so in future.”
      
      If that doesn’t convince you, maybe this story will:
      http://gizmodo.com/5370323/iphone-app-developer-jacks-your-phone-number-to-pitch-you-more-apps
      
      Also, your links don’t seem to work
teapot

Cowicide and mdh got burned.
- Cowicide
  
  Cowicide and mdh got burned.
  
  It’s not my problem that you guys are using computers that aren’t even capable of viewing links to a pdf file and Apple’s blacklist code and therefore missed the entire point I was making.
  
  Get better computers. I don’t look at things in black and white. The iPhone isn’t a rampant virus and trojan infested wasteland like Windows, but it isn’t impregnable either.
  
  I’d still like to see Dr. Evil’s great app that will affect non-jailbroken iPhones far and wide. And, I’d like to see how evil Dr. Evil feels with a class action lawsuit on his ass (hint: that’s the link to the standard pdf at boing boing your computers can’t handle).
  
  You guys are squealing like little girls over something Apple patched a while ago. Who cares? You do. Why? Who cares.