30 April 2017

Dutch ING customers targeted by iPhone worm

23 November 2009  |  13441 views  |  2 comments

A malicious iPhone worm targeting online customers of ING in the Netherlands has been identified by security outfit F-Secure.

The worm only targets jailbroken iPhones which have SSH (secure shell) remote access installed and have not changed the default password.

It redirects the bank's customers to a fake site with a log-in screen connected to a Web-based command and control centre in Lithuania. The worm can then behave like a botnet, enabling the phone to be accessed or controlled remotely without the permission of its owner.

F-Secure says the new worm is not widespread, but it is much more serious than the recently discovered first iPhone worm, Ikee, as it seems to try to steal information from the devices.

Mikko Hypponen, research director, F-Secure, told the BBC that, although only a few hundred handsets are thought to be infected so far, the worm could jump from phone to phone among owners using the same wi-fi hotspot.

An ING spokesperson told the BBC that a warning would be put on the bank's official Web site and call centre staff briefed on the potential security threat.

Comments: (2)

A Finextra member | 23 November, 2009, 17:45

The story of ING customers having their iPhones targeted by malware is important on several levels. If the attack indeed just leaves jailbroken phones vulnerable then let's remember what this means: only sophisticated users would be directly vulnerable. Yet because there are two major classes of victims in identity crimes (companies such as banks, merchants and processors and of course the account- or identity-holders themselves) industry needs to be very concerned given the growth of mobile banking and eventuality of mobile payments. In the US, our latest research finds that fully 53% of iPhone users are engaging in mobile banking, showing that iPhones rather than the broader category of smartphones are the device for industry technology and marketing professionals to watch. Two other facts: 1) ING is among the leaders for customer protection, having attained perfect fraud resolution scores in Javelin's just-published Banking Safety Scorecard (tied with Navy Federal CU, PNC and Wells Fargo) and 2) the coming wave of mobile security threats is all the more reason to harness the natural strengths of mobile banking, which is its inherent "always on" detection capabilities. For banks with real-time transaction capabilities and alerts that give consumers iPod-like control over their money and identity, we can team up to drive fraud down.

A Finextra member | 24 November, 2009, 07:12

I agree, but let's say in Hungary and in some countries around, Apple iPhone is the most popular smartphone, while Blackberry is lagging far behind. Mobile banking is widely used from iPhones (in a good portion of cases jailbroken iPhones), so the vulnerability is there.
