In other words, if you're the owner of a jailbroken phone, you should now be concerned.

Unlike the relatively innocuous iKee worm which the creator designed more as a "public service" to alert users to the potential for malware on the iPhone, the new hacker tool, dubbed "iPhone/Privacy.A," is the real deal. Where iKee simply switched the iPhone wallpaper to display a photo of singer Rick Astley (a nod to the internet meme of rickrolling), Privacy.A gives the user no indication that it is running on the device.

The new hacker tool also operates a bit differently than iKee does, as it doesn't have to sit on the iPhone itself in order to inflect its damage or spread. The hacker can either load the worm onto their personal device and then monitor the network for jailbroken devices to attack or they can load the malicious program onto a computer. As Intego points out in their post, this computer could be on a public network at an Internet cafe or retail store. In that scenario, the tool would then scan for any other jailbroken iPhones that came within range of the Wi-Fi network and attack them.

How to Secure your iPhone

Although many jailbreakers are tech-savvy enough to know how to lock down their devices to protect themselves from attack, there are quite a few who have simply followed online instructions such as these to perform the jailbreak. This group, while arguably somewhat tech-savvy, doesn't necessarily know all the nitty-gritty details about the iPhone filesystem or its security mechanisms.

To make it easy on these users, we've provided steps on how to change your iPhone's root password - the common denominator required in order for the malware to gain access to your device.

While some may argue there's no need to change your root password if you haven't also installed the SSH program, another necessary element for these attacks to work, we think that's a little short-sighted. It would be easy enough for a malicious hacker to trick jailbreakers into installing SSH by bundling it with some other third-party application offered through underground App Stores like Cydida or Icy. By masquerading as something innocent like a wallpaper-changer or ringtone bundle, a hacker could easily set up a number of jailbreakers with SSH without the victims even being aware that it has been installed. Although we haven't heard of anything like this happening yet, if we thought of it then you can bet that the hackers out there have thought of it too.

Changing the Root Password

The best protection is to simply change your iPhone root password. That will keep you safe from the current iPhone malware...as least for now. Here's how:

1. Install the MobileTerminal application from Cydia.
2. Reboot your iPhone.
3. Launch MobileTerminal and type in the command: passwd
4. At the prompt which asks for the "Old Password," type in: alpine
5. At the new password prompt, type in a new password of your choosing, making sure to pick something strong.
6. Re-enter the password to confirm.
7. You'll then be returned to the Mobile$ prompt which means the change was successful.
8. Now you'll need to change the password for the secondary admin. Type in the command login root.
9. Again, you're prompted for the old password. Type in alpine.
10. Now type in the command passwd
11. You'll then go through the change password routine a second time, entering in alpine as the old password, creating a new password and then re-entering it to confirm.
12. When you are finished, close the application.

Note: these instructions assume you are running iPhone OS 3.0 or higher.