
HackerTool/IPhoneStealer - Released Nov 17, 2009 - Last Updated Nov 18, 2009

Alias/es

iPhone/Privacy.A

Visible Symptoms

There are no visible symptoms on the victim's iPhone.

Detailed Analysis

This hacker tool steals the victim's iPhone's contacts and SMS messages.
Your iPhone is at risk if:
  • it is jailbroken and the default root SSH password hasn't been changed (alpine by default)
  • AND it is online, connected either to an operator's network or to a local LAN (for example by Wi-Fi)



Technical Details


This hacker tool is written in Python, and will run on any operating system supporting Python. It also requires the installation of an additional Python module, named paramiko, to handle the SSH protocol.

The tool scans a given network (the local network by default) and tries to connect to the SSH port. If the connection succeeds, the host is added to a list of potentially vulnerable hosts.
Then, for each host in that list, the tool tries to log in as root with the password 'alpine', the default credentials on jailbroken iPhones. If this succeeds, the attacker is now root on the victim's iPhone. To demonstrate this, the attacker then downloads (steals) the victim's SMS and contacts database via secure FTP. The tool does not 'harm' the victim's iPhone.
Note that the attack succeeds if an attacker scans a network the victim is connected to. The attacker need not install any tool on the victim's iPhone.
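
A defender-side check for the sequence described above (a root password login followed by an SFTP session), given as an added example that is not part of the original entry. It assumes sshd log lines in the usual OpenSSH syslog wording are available and that both events carry the same sshd process ID; the function name and the sample lines are constructed for illustration.

```python
import re

# Constructed sample lines in OpenSSH syslog style (not taken from a real device).
SAMPLE_LOG = """\
Nov 17 10:02:11 iPhone sshd[311]: Accepted password for root from 192.168.1.50 port 51234 ssh2
Nov 17 10:02:12 iPhone sshd[311]: subsystem request for sftp
Nov 17 11:15:40 iPhone sshd[340]: Accepted publickey for root from 192.168.1.7 port 40022 ssh2
Nov 17 11:15:41 iPhone sshd[340]: subsystem request for sftp
Nov 17 12:30:05 iPhone sshd[355]: Failed password for root from 192.168.1.50 port 51300 ssh2
Nov 17 12:41:19 iPhone sshd[362]: Accepted password for mobile from 192.168.1.9 port 50111 ssh2
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPT = re.compile(r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")

def find_root_password_sftp(log_text):
    """Return (source_ip, pid) for sessions where root logged in with a
    password and then opened the SFTP subsystem in the same sshd process."""
    sessions = {}  # pid -> source IP of an accepted root password login
    hits = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        a = ACCEPT.match(msg)
        if a:
            if a.group("user") == "root" and a.group("method") == "password":
                sessions[pid] = a.group("ip")
            else:
                # Key-based or non-root logins are not the pattern of interest.
                sessions.pop(pid, None)
        elif msg.startswith("subsystem request for sftp") and pid in sessions:
            hits.append((sessions.pop(pid), pid))
    return hits

if __name__ == "__main__":
    for ip, pid in find_root_password_sftp(SAMPLE_LOG):
        print(f"root password login followed by SFTP from {ip} (sshd pid {pid})")
```

A hit only shows that root authenticated with a password and then transferred files; whether that password was still the default has to be checked on the device itself.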

Recommended Action

On jailbroken iPhones, make sure to customize user account passwords. Do not use default passwords.

Reference: ID - 1127255