iPhone/Privacy.A: a bit more info

In my previous blog on this topic (http://www.eset.com/threat-center/blog/2009/11/11/hacker-tool-exploits-vulnerability-in-jailbroken-iphones), I said that I didn't know if this hacking tool worked under Windows as well as OSX/Unix and Linux.

I've subsequently exchanged email with Philippe Devallois at Intego, who tells me (thanks, Philippe!) that in principle, it will work fine with Windows. It's written in Python (as was some of the previous code that uses this approach to gaining access to jailbroken iPhones with SSH installed) , and Python is highly portable and open source. (It's also available for Java and .NET and even MS-DOS, if you're that sad.) 

Don't get complacent about the fact that Python is an interpreted language, either: there are compilers and translators that make it perfectly possible to distribute executable packages on a system that doesn't come with the interpreter installed.

The sky is not falling, but this is more than a prank: it's an indication that the platform is regarded as a target for more than Proof of Concept messing about, and Apple should, in my opinion, be considering whether they should do some re-engineering to take into account vulnerabilities introduced by jailbreaking.

Director of Malware Intelligence

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/

Author David Harley, ESET

Follow us

Copyright © 2017 ESET, All Rights Reserved.