Data-stealing Hack Targets Jailbroken iPhones
Once more into the breach, my iPhone-wielding compatriots. On Monday, we heard about the iPhone vulnerability that allowed dastardly hackers to on some jailbroken devices. Now, security firm Intego reports that the same loophole can allow hackers to do far worse.
As you may recall from the earlier story, the vulnerability here affects only jailbroken iPhones in which the password for the 'root' superuser has not been changed from its default. Only this time, instead of just changing your wallpaper to that of a boyishly-handsome '80s pop star, the new risk can give the hacker access to all of your data, including e-mail messages, contact info, SMS messages, calendars, photos, music, video, and info from third-party apps. And, like a ninja, it does so under the cover of darkness, never revealing that it's even been there.
Intego's calling the exploit iPhone/Privacy.A and describes it as a tool that can be run on a computer or another iPhone to scan a wireless network, locate vulnerable jailbroken iPhones, and pump them for information. However, it also admits that the number of iPhones that may actually be attacked by these means is likely to be minimal.
As with the previous exploit, this hack does not work on standard, non-jailbroken iPhones. So, if you must jailbreak your device, for whatever reason, there is one clear recourse: change your root password.