Slashdot Mirror

← Back to Stories (view on slashdot.org)

iPhone Trojan Sign of Things to Come?

Posted by ryuzaki0 on from the im-in-ur-iphone-removin-ur-apps dept.

climber writes "Just days after the first scareware for OSX, researchers are pondering the problems of an iPhone exploit that could lead to larger issues. The Trojan pulls legitimate apps off the phone if you try to remove it, but it only infects iPhones that have 'been modified or opened through a security hole in the system.' Though this worm is more of an annoyance than anything else, it could be a proof of concept for a more serious attack. 'The fear is hackers may be experimenting and gathering research that will increase the dangers of a more malicious attack in the near future. It is clear at least one writer -- the author of this piece at Web Worker Daily -- thinks that the iPhone should be left on the dresser in the morning. She offers several reasons that the device isn't a good corporate tool.'"

18 of 151 comments (clear)

  1. What rock was she hiding under? by dreamchaser · · Score: 4, Insightful

    She offers several reasons that the device isn't a good corporate tool.'"

    It's not even a *bad* corporate tool. It's a consumer device and was never meant (in its current incarnation) to be used for corporate uses. You can't even get one if your AT&T number is registered via a business account. It's like saying "this plum isn't a very good orange."

    Idiot.

    1. Re:What rock was she hiding under? by Cro+Magnon · · Score: 2, Insightful

      Same Old Stuff. IT should be used to supporting stuff that isn't ready for the Enterprise *cough*Windows*uncough*

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    2. Re:What rock was she hiding under? by Anonymous Coward · · Score: 2, Insightful

      You're right, but if you look at the reasons, most of them apply to a consumer device, too. (e.g. Lack of encryption is pretty wacked. The only reason Apple gets away with that in the market, is that their competitors are just as bad.)

      One of the big lessons of the iPhone is that today's phones suck. The iPhone sucks too. But the iPhone -- a device made by a personal computer maker -- has also sent a message that wasn't being heard before: phones don't have to suck. If PCs can be make non-sucky, why not phones? Maybe in a few years, someone will address the we-don't-want-suckiness market.

    3. Re:What rock was she hiding under? by arminw · · Score: 3, Insightful

      ....... IT should be used to supporting stuff that isn't ready for .....

      But isn't that the fun and interesting part of an IT job. Coming up with clever solutions that others have not already thought of and pre-chewed and partially digested is what makes the life of a real engineer challenging and fun. This includes supporting Windows, possibly in ways and with methods the folks in Redmond have not even dreamed up yet.

      --
      All theory is gray
  2. So FUD... and a non sequitur by revscat · · Score: 4, Insightful

    'The fear is hackers may be experimenting and gathering research that will increase the dangers of a more malicious attack in the near future. It is clear at least one writer -- the author of this piece at Web Worker Daily -- thinks that the iPhone should be left on the dresser in the morning. She offers several reasons that the device isn't a good corporate tool.'

    So the summary starts off being nothing more than FUD, and since that won't hold water descends quickly -- albeit nonsensically -- into a completely different topic.

    I guess Zonk hates the iPhone. Or is looking for page views. Or something. *shrug* Whatever, none of this makes a lick of sense.

  3. Wrong by MBCook · · Score: 4, Insightful
    1. It is not a worm. That would require it to spread
    2. Software installed on systems without privilege levels (like the old days of DOS or OS 7) is allowed to do anything... duh
    3. This isn't a flaw with the iPhone. Apple's way of installing applications may prevent this kind of stuff

    Anything that starts with "replace the firmware of your device with this hacked firmware" can obviously cause you problems.

    --
    Comment forecast: Bits of genius surrounded by a sea of mediocrity.
  4. I'm sure a Windows Mobile phone is more secure by EmbeddedJanitor · · Score: 2, Insightful
    NOT!

    If you think the Windows desktop/server security is bad you should see the Windows CE security! Again, MS have delivered an OS that was designed for a disconnected system (PDA) then tried to put a crappy fence around it to make it secure in a connected world. Too little, too late.

    As for trojans, well no matter what OS you run, a dumb enough user with sufficient priviledges can always run a trojan. Nothing new here!

    --
    Engineering is the art of compromise.
  5. Doesn't this only support Apple's position? by UnknowingFool · · Score: 4, Insightful

    but it only infects iPhones that have 'been modified or opened through a security hole in the system.'

    Since the very beginning, Apple has told people not to hack the iPhone because it could endanger the functionality and security of the device. Those who did could suffer when Apple updated the firmware. Now it appears hackers have found a way to compromise the iPhone because it had been already been compromised. By the way, the first hack into the iPhone require physical access to the phone so it's not like you surfing in your coffee shop will get you a Trojan. Someone first has to steal your phone and then hack it for this Trojan to work remotely.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  6. Dresser by Fnord666 · · Score: 5, Insightful
    From the summary

    It is clear at least one writer -- the author of this piece at Web Worker Daily -- thinks that the iPhone should be left on the dresser in the morning. She offers several reasons that the device isn't a good corporate tool.'"
    The author of the linked piece at Web Worker Daily said no such thing. In fact, the author didn't express a personal opinion one way or the other about the matter. The author was quoting a piecewritten by Benjamin Gray, who works for Forrester.

    From the linked article

    At least, that's the conclusion coming out of Forrester, whose analyst Benjamin Gray, lists 10 reasons why the iPhone is not yet ready to be an enterprise-class mobile device.
    I will have to take the Web Worker Daily's word for it though, since I don't feel like ponying up $279 for a 6 page pdf.
    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    1. Re:Dresser by E-Rock · · Score: 2, Insightful

      It isn't a business device, but then I don't really think that's what it was designed to do in the first place. The iPhone doesn't play well with corporate data. POP e-mail isn't even available as a pull service from some companies and there is nothing to sync calendar data. All these business articles are trying to pit Apple vs RIM, where I see them as very nice manufacturers that are in different markets. Currently...

  7. "dangers of a more malicious attack" by Schraegstrichpunkt · · Score: 4, Insightful

    The fear is hackers may be experimenting and gathering research that will increase the dangers of a more malicious attack in the near future. So the summary starts off being nothing more than FUD, and since that won't hold water descends quickly -- albeit nonsensically -- into a completely different topic.

    No kidding. News flash: If the iPhone is vulnerable, then the "dangers of a more malicious attack" are already there. The solution is to fix the iPhone, not to bitch and fearmonger about "hackers ... experimenting and gathering research".

    --
    http://outcampaign.org/
    1. Re:"dangers of a more malicious attack" by Tsiangkun · · Score: 4, Insightful

      This only affects unlocked iPhones, so I assume by "fix", that you mean use as intended ?

  8. Attack of the Weasels by Bullfish · · Score: 3, Insightful

    Sadly, this is another sign that as Apple products grow in popularity that they will attract the attention of the weasels. Whether or not the statements the weasels make hold any water, or whether or not the scares turn out to be true, the weasels are arriving.

  9. Re:Stuffed shirts by mckinnsb · · Score: 2, Insightful

    You do realize that in many (most?) cases, we are mandated by law to protect our information on mobile devices with passwords/encryption? Yes. You do realize the FCC already checked to make sure that Apple was following the law, right?
    Ok. I was just checking. Look- if your employees buy an iPhone and bring it to work, you don't have to support them joining the buisness network. If they complain, tell them that the company didn't furnish them with an iPhone and it was their personal telecommunications purchase decision. You sound like Apple should be sued for releasing a phone that was intended for personal use just because people decided to bring it to work- and use it in work. Guess what? The responsibility , under HIPAA regulations, as far as your employees are concerned, falls with *the employer* and the *employees*, not the *systems they choose to run*. If you choose a faulty system, its your fault. I didn't see any Apple commercials with doctors talking about how well they could use their new tool to communicate to their nurses.
  10. Re:Curious by jacksonj04 · · Score: 2, Insightful

    Oh for the love of God, not another /. "The corporations/government are out to get our freedom/data/money!" conspiracy. Perhaps it's just exactly the same as the vast majority of exploits for everything else with a processor, and it's somebody either proving a point or out to make a name for themselves.

    There is of course an easy solution to the virus problem. Apply the damn patch, and if you want an open device you can play around with don't buy an iPhone in the first place!

    --
    How many people can read hex if only you and dead people can read hex?
  11. like a worm on a hook by Teflon_Jeff · · Score: 2, Insightful

    Anything that is this popular, by nature, will attract viruses. This is definitely the tip of the iceberg, and it makes me wonder how much experience people at Apple actually have at preventing viruses, once the world at large cares enough to target them.

    --
    "Teach a man to build a fire, and he's warm for a day. Set a man on fire and he's warm for the rest of his life."
  12. If I had mod points... by zieroh · · Score: 4, Insightful

    If I had mod points, could I mod the entire article down?

    --
    People who say "sheeple" have about as much sophistication as an AOL user, and in fact are probably actually AOL users.
  13. Oh. And. by Swift2001 · · Score: 3, Insightful

    When Apple said, "Hey, you find a security hole to install third-party software, we're going to have to close the hole," everybody yelled and screamed. Now someone's using the back door that the hackers found. Well, as Gomer used to say, "Surprise, surprise." I wonder if the new software update closes that hole.