back to article 'First' iPhone Trojan rolls into town

Hackers have created Trojan horse malware targeted at Apple's much-hyped iPhone device. The package - more of a prank than a threat - poses as an "important system" upgrade supposedly needed prior to upgrading to version 1.1.3 of Apple's firmware. The "iPhone firmware 1.1.3 prep" seems to lack malicious purpose. Problems kick …


This topic is closed for new posts.
  1. Aaron Fothergill

    only for Hijacked iPhones?

    The article doesn't make it clear, but I'm assuming that if you have to install the package on an iPhone then this particular trojan is only for iPhones that people have hijacked, rather than an application that can get itself onto a normal iPhone that doesn't let you put malware onto it (that being Apple's point about locking down the phone)?

    If so, isn't this a point in favour of Apple's policy of not letting iPhone users break their phones by putting unqualified software on them?

  2. Phil Arundell

    Wake Up Call

    Hopefully this will be a bit of a wake up for people who have opened their phones up using a massive security hole (i.e. a TIFF exploit that allows arbitrary code execution) and then proceeded to grab unverified programs without a second thought to what they're actually doing.

    One of the big failings of the iPhone currently is that everything runs as root. This is probably one of the reasons it is currently locked down and hopefully when the SDK comes out it will no longer be the case (or at least I would hope Apple wouldn't be stupid enough to leave everything running as root when user installable apps become official!).

    Installing unknown software that will run as root onto a UNIX device when that device can also make phone calls is a really, really dumb idea - premium rate phone scam anyone?

  3. Phil Rigby
    Paris Hilton


    It was probably Apple that wrote/released it :-)

  4. Rick
    Thumb Down

    Iphone = Ijacked

    More business for Symantec and the likes.

  5. Rick Brasche
    Black Helicopters

    @ Phil

    We did. You weren't supposed to tell anyone.

    the iHitSquad will arrive in a few moments to correct this.

    Hail Steve!

  6. heystoopid
    Paris Hilton

    And yet

    And yet the dumb Iphoney users will always fall for it hook line and sinker !

    Can't wait for the better and safer and secure by nature Linux version !

  7. Anonymous Coward
    Anonymous Coward

    @Phil Arundell

    It's a phone, not a multi-user server. Whether you run as root or as whatever, the account still needs permissions to send sms messages, make phone calls, read emails, delete them, etc, etc...

    Sandboxing the browser is another matter, but hardly what you're thinking would be a 'smart' idea.

    oh and heystoopid (how appropriate), as you're waiting for the 1337 h@xx0r linux alternative i'm guessing you're super extra technically savvy.

    So, do you mind sharing *exactly* what would make running Linux on a phone safer as opposed to osx or what-have-you? I'm intrigued, particularly as you're not talking about a specific implementation such as Android or OpenMoko. So i'm guessing you mean exclusively the Linux kernel.

    Even just one specific technical difference that impacts security would be great.

    Thx, bai!

  8. Anonymous Coward
    Jobs Halo

    This is a lie

    Its a fake story. Anything that Apple releases is super special awesome and never gets viruses or trojans ever.

    and all Apple products are hackproof too.

  9. Andy Worth


    Finally, an Apple device that someone can be bothered to write malicious code for......

  10. stizzleswick
    Thumb Down


    "Can't wait for the better and safer and secure by nature Linux version !"

    Er... lemme see... "secure by nature?" *shaking head sadly*

    Let me clue you in: No multi-purpose operating system is "secure by nature." Not even OpenBSD. Which is already running on the iPhone underneath all the neat iCandy.

  11. heystoopid


    @stizzleswick by your definition and the GPL rules of the game any open source software used in commercial devices then the issuer of said devices must issue said source code to all users with no ifs buts or maybes and that is the law as has been interpreted even in the land of the unfree under the grand drunken drug addicted dear leader who ignores his own rules and laws !

    So thus where is this source code issuing forth from god phones home web site that be the question ?

  12. Nathan Randle


    heystoopid please do some research before responding to a better informed commenter than yourself. It is public knowledge that OS X is Unix based on FreeBSD (therefore you're stupid). And the code you so wish to see, you will find at the following location...

    And I quote:

    'If you like open source development, you'll love Mac OS X. This fully-conformant UNIX operating system—built on Mach 3.0 and FreeBSD 5...' (

  13. DavidRo

    Anon Coward..

    Well done on calling 'heystoopid'..

    Heystoopid: I too would like to see your broad outline as to how Linux will make the i-groan more "secure by nature"..

    I have been a long time reader of The Reg and to be honest, the amount of pure drivvle spouted by these supposed Linux gurus has really begun to grind my tits...

  14. Ian Davies
    Dead Vulture

    Lazy hack writer

    It does make me laugh when I read how the iPhone is automatically prefixed as 'much hyped'... as though all other phone makers aren't desperately trying to hype their own products, and would sell their childrens' kidneys to get the kind of publicity the iPhone does.

    There's one very good reason that Apple's products get the press; they're usually worth it.

  15. stizzleswick

    Secure by nature

    @Nathan: Thank you for pointing out my mistake; of course it's not OpenBSD -- I didn't remember which flavour of BSD it was and grabbed the wrong one instead of looking it up first. My bad.

    @heystoopid: "by your definition..." I didn't define anything in my earlier post... and it seems you completely failed to address the one question I had opened up, namely the issue of any OS being "secure by nature."

    I should probably mention that I am a long time user of various flavours of Linux, BSD et al and prefer them to other operating systems. But that does not blind me to the fact that they are not, in fact, "secure by nature," nor flawless in any other way.

  16. Anonymous Coward

    Trojan or poorly tested package???

    If I recall in the past some of the reasons for certain iPhone getting bricked is because the firmware upgrade detected that third party software was on the phone.

    The name of the package "iPhone firmware 1.1.3 prep" tells me this was an attempt at creating a package that will prepares the phone for the rumored 1.1.3 firmware install. It does seem that the package description was not clear on it purpose and was not tested properly.

    To be called a "Trojan" by Symantec I think was done just to ride the publicity coattail created by the iPhone.

    As for the source code of packages being release, yes most of the codes for these installs are available.

    Can someone decide to release a malicious install for the iPhone? YES

    But someone can decide to make there own app for any flavor of BSD, Lunix, etc that might be considered a development package and could result in malicious behavior.

  17. Anonymous Coward



    I saw an advert for a Mac in a local PCworld, saying that it's the "Hack-resistant, Virus-resistant" solution.. trying to sell it like it's the Holy Grail.

    I'm not a PC Fanboi, or an iDrone, but I personally can't stand the iPhone, or this whole iLife attitude of Apple... The iPhone, It looks nasty, is overpriced, over-hyped garbage. iPod - You can get the same devices from other manufacturers cheaper, and with more support.

    I look forward to the time where something like Android or something else comes out and pisses over the iPhone. I sincerely hope they do anyway.

This topic is closed for new posts.