Stay on Main Street for iPhone apps

Unlocking your iPhone so that you can install third party applications can be fun. Using the Installer.app application on the iPhone and its default repository you can install utilities, games, and other applications. By adding additional repositories to the Installer, it is possible to gain access to a much greater quantity of software.

Occasionally, if you’re not careful you can end up installing malicious software from a bad repository. This happened to a number of iPhone owners a few days ago.

An application calling itself “iPhone firmware 1.1.3 prep” claims to be a tool to prepare your iPhone for the upcoming iPhone update. It actually installs another separate legitimate utility. The damage occurs if you already had the utility installed and you want to remove the false firmware update “prep” tool. Uninstalling the fake tool just uninstalls the real utilities.

Information from the STE Packaging repository site and its owner details how the “prep” tool functions and how it was distributed. Users who added the jmwiki.com repository site to Installer.app were offered the “prep” tool and two other similar packages. It was determined that the malicious repository and applications were created by an 11 year old. The child’s parents were informed and the repository was taken down.

Phone modification (changing the OS, reflashing, unlocking, etc.) can sometimes be dangerous. While corrupting a firmware upgrade for a mobile device might be possible, it is not surprising that someone has created much simpler malicious installation files. On the Symbian platform we have seen quite a few malware, such as SymbOS/Skulls and SymbOS/Appdisabler, that disable or overwrite legitimate applications upon installation.

Users can avoid such problems by:

• Acquiring software only from trusted sources
• Installing only official firmware updates