According to The Register and others, a tool which allows hackers to break into jailbroken iPhones and steal information has been discovered.
Following closely in the footsteps of the first iPhone worm (known as Ikee) which hunted for jailbroken iPhones running SSH which were still using the default password of “alpine”, the hacking tool reportedly allows criminals to steal emails, contacts, calendars and other data stored on the device.
Sophos has not yet received a sample of the hacking tool, which was first reported by French Mac security company Intego. David Harley of ESET reports that the tool is in reality a script written in Python – meaning it can be run on a variety of different platforms. In other words, a hacker could run the script on his Mac or Windows or Linux computer to try and find vulnerable iPhones.
It’s important to recognise that the tool (dubbed iPhone/Privacy.A by Intego) is not a virus or a worm, and can not spread under its own steam. Nevertheless the advice remains the same – if you are going to tinker and jailbreak your iPhone, make sure you also change its default password to something other than “alpine”.