본문 바로가기
IT 보안소식

카스퍼스키(Kaspersky), iPhone Jailbreaking, Greenpois0n and SHAtter Trojans

by 잡다한 처리 2010. 9. 27.
반응형

카스퍼스키에서 iPhone 4.1 iOS에 필요한 탈옥 툴인 Greenpois0n 프로그램을 가장한 트로이목마가 존재한다고 소개했다.

물론 이런 일들이 처음있는 일도 아니고;; 머 기록용으로 남겨본다 ㅎㅎ

현재 알약에서는 Trojan.Keylogger.IStealer.A 으로 탐지 중이다.

ps) 모든 Greenpois0n 프로그램이 악성코드는 아니다. 다만 이런 사회공학적이슈를 노리고 있는 악성코드가 있다는것을 알릴뿐!!

When iPhone jailbreaking was declared legal earlier this year, in June, Apple fans from all around the world rejoiced. Sites such as Jailbreakme.com appeared, which make it simple and straightforward to jailbreak older iPhones.

Indeed, the keyword here is "older" - when Apple started selling the new iPhone 4G, it also patched the vulnerabilities that made it possible for users to jailbreak it.

This is why until now it's been impossible to jailbreak newly purchased iPhones that come with iOS 4.0.2 or iOS 4.1.

But earlier this month, though, a hacker going by the handle pod2g announced that he was working on a new exploit that would make it possible to jailbreak all existing iPhones through a vulnerability in the bootrom. Due to its nature, this vulnerability will be extremely hard for Apple to fix in software, if not impossible. So if the exploit ever appears, it would mean it would be possible to jailbreak all existing iPhones and iPads through a simple exploit, regardless of the OS version being run. A groundbreaking announcement indeed.

Still, as of September 20, there was no exploit available from pod2g that would jailbreak iOS 4.0.2 and iOS 4.1. Users of iPhone 4Gs running these versions of iOS are pretty much unable to do anything, unless they downgrade the OS to an earlier version. And for the iPhones that came with 4.0.2 from the factory, it's impossible to downgrade them.

You might wonder why I'm talking about this topic. After all, "hacker", "exploit" and "vulnerability" are some quite emotive terms, and you might think we wouldn't want to be encouraging this sort of behavior. But there's a good reason for this post: jailbreaking iPhones is, as I said, now legal, but there are lots of bad guys out there who are looking to take advantage. I see this post as kind of being like safe sex advice: the more you know, the better protected you're going to be.

Cybercriminals have definitely been riding the buzz around the supposed jailbreaking tool. It's presumed to be called "Greenpois0n" and it's expected to be released any day now. Not surprisingly, we've seen a number of fake "Greenpois0n" Trojans.

If you search for the Greenpois0n tool on Google or popular torrent sites you might be in for a surprise:

All the existing "greenpois0n" archives at the moment contain Trojans designed to steal passwords and other private data from your system:

In addition to the Trojans, fake (rogue) jailbreaking websites have appeared; they pretend to sell tools that can jailbreak any version of iPhone with any version of iOS. The average cost for these is $25-$40.

As usual, you shouldn't be fooled: currently there is no working jailbreaking tool for iPhone 4s running iOS 4.0.2 / 4.1. If the pod2g exploit turns out to be valid, there'll no doubt be a lot of noise about it. Until then, stay away from fake jailbreaking tools and websites!




댓글