23 July 2017
visit www.avoka.com

Dutch ING customers targeted by iPhone worm

23 November 2009  |  13522 views  |  2 iphone apps on screen

A malicious iPhone worm targeting online customers of ING in the Netherlands has been identified by security outfit F-Secure.

The worm only targets jailbroken iPhones which have SSH (secure shell) remote access installed and have not changed the default password.

It redirects the bank's customers to a fake site with a log-in screen connected to a Web-based command and control centre in Lithuania. The worm can then behave like a botnet, enabling the phone to be accessed or controlled remotely without the permission of its owner.

F-Secure says the new worm is not widespread, but it is much more serious than the recently discovered first iPhone worm, Ikee, as it seems to try to steal information from the devices.

Mikko Hypponen, research director, F-Secure, told the BBC that, although only a few hundred handsets are thought to be infected so far, the worm could jump from phone to phone among owners using the same wi-fi hotspot.

An ING spokesperson told the BBC that a a warning would be put on the bank's official Web site and call centre staff briefed on the potential security threat.

Comments: (2)

A Finextra member
A Finextra member | 23 November, 2009, 17:45

The story of ING customers having their iPhone's targeted by malware is important on several levels. If the attack indeed just leaves jailbroken phones vulnerable than let's remember what this means: only sophisticated users would be directly vulnerable. Yet because there are two major classes of victims in identity crimes (companies such as banks, merchants and processors and of course the account- or identity-holders themselves) industry needs to be very concerned given the growth of mobile banking and eventuality of mobile payments. In the US, our latest research finds that fully 53% of iPhone users are engaging in mobile banking, showing that iPhones rather than the broader category of smartphones are the device for industry technology and marketing professionals to watch. Two other facts: 1) ING is among the leaders for customer protection, having attained perfect fraud resolution scores in Javelin's just-published Banking Safety Scorecard (tied with Navy Federal CU, PNC and Wells Fargo) and 2) the coming wave of mobile security threats are all the more reason to harness the natural strengths of mobile banking, which is it's inherent "always on" detection capabilities. For banks with real-time transaction capabilities and alerts that give consumers iPod like control over their money and identity, we can team up to drive fraud down. 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 24 November, 2009, 07:12

I agree, but lets say in Hungary and in some countries around, Apple iPhone is the most popular smartphone, while Blackberry is lagging far behind. Mobile banking is widely used from iPhones (in a good portion of cases jailbroken iPhones), so the vulnerability is there.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

UK police arrest two over ZeuS Trojan

UK police arrest two over ZeuS Trojan

18 November 2009  |  8164 views  |  0 comments
Gang jailed for Trojan bank theft scam

Gang jailed for Trojan bank theft scam

16 November 2009  |  10713 views  |  0 comments
Postbank secures iPhone banking with VeriSign

Postbank secures iPhone banking with VeriSign

30 October 2009  |  10383 views  |  0 comments
Warning over iPhone phishing vulnerability

Warning over iPhone phishing vulnerability

25 July 2008  |  8672 views  |  0 comments
Keylogging Internet worm on the loose

Keylogging Internet worm on the loose

03 June 2004  |  5858 views  |  0 comments

Related company news


Related blogs

Create a blog about this story (membership required)
visit www.finastra.comvisit www.worldpaymentsreport.comvisit www.niceactimize.com

Top topics

Most viewed Most shared
German fintech factory FinLeap raises EUR39 millionGerman fintech factory FinLeap raises EUR3...
14107 views comments | 19 tweets | 15 linkedin
Mastercard to buy AI outfit BrighterionMastercard to buy AI outfit Brighterion
10355 views comments | 14 tweets | 20 linkedin
Barclays rides payments-as-a-service wave with investment in Form3Barclays rides payments-as-a-service wave...
9238 views comments | 16 tweets | 12 linkedin
Mastercard and Scotiabank join Enterprise Ethereum AllianceMastercard and Scotiabank join Enterprise...
7848 views comments | 25 tweets | 16 linkedin
PayPal strikes deals with Chase and CitiPayPal strikes deals with Chase and Citi
7258 views comments | 9 tweets | 5 linkedin

Featured job

Brussels or Frankfurt

Find your next job