First Trojan for iPhone discovered in the wild

By Ed Oswald, BetaNews

January 9, 2008, 12:04 PM

F-Secure said that it had uncovered the first Trojan horse for the iPhone, which seems to erase user's files in their /bin directory.

Standard iPhone users have nothing to worry about. However, those who have opened up their phones (both locked and unlocked) to install third-party applications are at risk for the exploit.

According to the security firm, the Trojan masks itself as an update to 'Erica's Utilities' and is titled '113prep,' in apparent reference to the upcoming firmware update. Once installed, it does nothing more than display the word 'shoes,' but behind the scenes it is busy deleting all files in the users /bin directory.

This action will break legitimate applications and essentially brick the iPhone. It is not clear if a system restore would be able to reverse the damage done. Additionally, with modifications done to the phone, that would mean taking the phone to the Genius Bar would not be an option either: Apple is refusing to fix modified phones.

Likely anyone who is to have been affected has already been: After the application was discovered by Modmyiphone.com, the site was taken offline. According to F-Secure, the application was created by a 11-year-old developer who was tinkering with XML code.

"Next time it might be someone else with more skills and with specific target," Jarno wrote on the F-Secure blog. "Hopefully this serves as a warning for those who have opened their iPhones using a security hole in the system and then installing unverified software without a second thought to what they are doing."