Phony iPhone Upgrade Hides MalwarePhony iPhone Upgrade Hides Malware

Computer security experts say the "iPhone firmware 1.1.3 prep" is designed to dupe people into downloading it as the Macworld Expo show opens next week.

Thomas Claburn, Editor at Large, Enterprise Mobility

January 9, 2008

2 Min Read
information logo in a gray background | information

Your Apple iPhone could be infected with potentially malicious Trojan software because of a fake upgrade download, computer security officials with US-CERT warned Wednesday.

"This Trojan claims to be a tool used to prepare the device for an upgrade to firmware version 1.1.3," the US-CERT advisory said. "When a user installs the Trojan, other application components are altered. If the Trojan is uninstalled, the affected applications may also be removed."

The Trojan appears to be timed to exploit rumors that began in early December about new features in an upcoming iPhone firmware upgrade. Various online news sites and blogs cited a report published by CNET France that claimed an imminent iPhone update would feature a disk mode, for using the iPhone as a portable flash drive, and a voice recording mode.

Malware authors now regularly craft attacks that play off current news and events. The Storm worm, for example, initially spread through an e-mail message that made reference to what was in January 2007 a recent storm. With the Consumer Electronics Show this week and the Macworld Conference & Expo next week, malware masquerading as an iPhone upgrade will likely dupe more people than it would otherwise.

On Monday, Symantec identified the malicious software as "iPhone firmware 1.1.3 prep."

In a blog post, Symantec security researcher Orla Cox observes that installing the software doesn't appear to have much of an effect on the iPhone, but warned that uninstalling it could overwrite other iPhone applications.

"This is technically the first Trojan horse seen for the iPhone, however it does appear to be more of a prank than an actual threat," said Cox. "The impact of uninstalling the 'Trojan' would appear to be an unintended side effect. The risk to users is minimal as they would have to choose to install the bogus package and the site which was hosting it has now been taken offline. Nevertheless, iPhone users should exercise caution regarding the packages they choose to install on their phones."

Read more about:

20082008

About the Author

Thomas Claburn

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, information, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

See more from Thomas Claburn
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

A group of smiling college graduates celebrating their graduation.
IT Leadership
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era

Jan 17, 2025

Flame front of the Eaton Fire on the first night during the January 2025 California wildfires in Altadena and Los Angeles
IT Sectors
How Tech Supports the Emergency Response to the LA County Wildfires
How Tech Supports the Emergency Response to the LA County Wildfires

Jan 16, 2025

Graphic Pop Art style Illustration of Keanu Reeves as NEO from the film, The Matrix
IT Infrastructure
Y2K and Infrastructure Resilience 25 Years Later
Y2K and Infrastructure Resilience 25 Years Later

Jan 7, 2025

Young businessman working on a virtual screen of the future and sees the inscription: Now hiring
IT Leadership
Help Wanted: IT Hiring Trends in 2025
Help Wanted: IT Hiring Trends in 2025

Nov 20, 2024

Cobol programming language software development concept on vitual screen.
IT Leadership
Untangling Enterprise Reliance on Legacy Systems
Untangling Enterprise Reliance on Legacy Systems

Jan 21, 2025

Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports