Mobile botnets created from iPhone worms can be a security risks in the future as what the analysis of SRI researchers shows. The latest iPhone worm IKee.B (duh) released late November exploited default root passwords on jailbroken iPhones to turn the smartphones into botnet clients under the control of a server based in Lithuania.

SRI International Security researchers, which was known for their top notch work in dissecting the Conficker botnet, published an analysis of the iPhone botnet on Monday that warns users of Apple's device and similar smartphones to expect more of the same in future.

Qouting part of the analysis:

Unlike the previous generation of cell phones that were at their worst susceptible to local Bluetooth hijacking, modern Internet-tethered cellphones are today susceptible to being probed, fingerprinted, and surreptitiously exploited by hackers from anywhere on the internet. Although the iKee.B botnet discussed here admittedly offers a rather limited growth potential, iKee.B nevertheless provides an interesting proof of concept that much of the functionality we have grown to expect from PC-based botnets can be easily migrated into a lightweight smartphone application. iKee.B demonstrates that a victim holding an iPhone in Australia can be hacked from another iPhone located in Hungary, and forced to exfiltrate its user's private data to a Lithuania C&C server, which may then upload new instructions to steal financial data from the Australian user's online bank account. While it is unclear just how well prepared smartphone users are to this new reality, it is clear that malware developers are preparing for this new reality right now.

The conclusion of the SRI's researchers is that even if the iKee.B worm is simpler than its PC relatives, the threat is equally the same.

The iKee bot is one of the latest offerings in smartphone malware, in this case targeting jailbroken iPhones. While its implementation is simple in comparison to the latest generation of PC-based malware, its implications demonstrate the potential extension of crimeware to this valuable new frontier of handheld consumer devices.

Read the rest of the analysis here.

Related Posts