Your iPhone could be part of a worldwide botnet, researchers have claimed after a recent outbreak of worms designed to infect the popular mobile phone.
Security researchers at SRI International have found that the iKee.B iPhone worm, which attacked “jailbroken” iPhones in November, turned the smartphones into botnet clients under the control of a server based in Lithuania. The worm predominantly affected iPhone users in the Netherlands, specifically targeting customers of Dutch online bank ING Direct.
Whilst warnings about malware on smartphones have been circulating for a number of years, the growth in popularity of the iPhone, which allows users much greater access to the internet than previous handsets, has raised concerns, with smartphones previously considered to be something of a “niche” product.
“Unlike the previous generation of cell phones that were at their worst susceptible to local Bluetooth hijacking, modern Internet-tethered cellphones are today susceptible to being probed, fingerprinted, and surreptitiously exploited by hackers from anywhere on the internet,” claimed the report.
“Although the iKee.B botnet discussed here admittedly offers a rather limited growth potential, iKee.B nevertheless provides an interesting proof of concept that much of the functionality we have grown to expect from PC-based botnets can be easily migrated into a lightweight smartphone application. iKee.B demonstrates that a victim holding an iPhone in Australia can be hacked from another iPhone located in Hungary, and forced to exfiltrate its user’s private data to a Lithuania C&C server, which may then upload new instructions to steal financial data from the Australian user’s online bank account. While it is unclear just how well prepared smartphone users are to this new reality, it is clear that malware developers are preparing for this new reality right now.”
SRI’s researchers conclude that although the iKee.B worm is simpler than similar PC versions, it comes with the potential to evolve into something more serious.
“The iKee bot is one of the latest offerings in smartphone malware, in this case targeting jailbroken iPhones. While its implementation is simple in comparison to the latest generation of PC-based malware, its implications demonstrate the potential extension of crimeware to this valuable new frontier of handheld consumer devices.”