iOS 4.x Trojan Masquerading As Jailbreak Exploit
Have you been swayed into downloading apps which claim to be able to Jailbreak the recently patched iOS 4.x operating system? You might want to hold your horses a little and wait this one out, because it has been reported at a certain trojan has been masquerading as such a Jailbreak. And its purpose? Why, to steal your passwords and private data from your desktop PCs, of course.
Apple may have already patched its iOS 4.x operating system to prevent any further jailbreaking for the time being, but that apparently has not stopped hackers eager to get a quick slice of the Apple pie at other people’s expense. And the latest ‘Jailbreak’ utility for the operating system is just one such example.
Apparently, a hacker going by the name of ‘pod2g’ had previously announced that the Chronic Development Team had recently found a extremely low-level flaw in the iPhone 4′s boot rom code. This flaw, when exploited, can result in a permanent hardware Jailbreak which essentially renders all future iOS updates useless, as low-level hardware code can seldom, if ever, be patched by software means.
And that is where the problems start coming in: a tool known as greenpois0n claims to be capable of utilizing the low-level boot rom exploit is actually a trojan in disguise. And when loaded into iOS, the tool promptly goes trigger happy in searching for, and stealing passwords from desktop computers.
But it is not just greenpois0n which is wrecking havoc on iOS devices. According to Costin Raiu, Kaspersky Labs’ security researcher, any tool which claims to exploit the low-level boot rom code is a trojan and should not be downloaded at all, regardless of the price and features it claims to possess, as there are no known jailbreaks for iOS 4.0.2 or later on the iPhone 4.
Of course, this will probably play well into Apple’s hands: the company has always claimed that the act of Jailbreaking an iPhone compromises the security of the device. But on another note, perhaps non tech-savvy end users should just stick to using the stock iOS builds supplied by Apple, and leave the Jailbreaking to the real hackers who know their stuff. At the very least, it may just work out better this way. After all, the truth is that no OS is completely secure: marketing can only do so much.
Source: Ars Technica