First iPhone worm in the wild hitting jailbroken iPhones

By Justin Mann on November 9, 2009, 5:00 PM
Though worms for the iPhone have been identified in the past, they've all been more or less proof of concept with no real threats yet for iPhone owners. That's now changed, after the first known iPhone worm in the wild was discovered. Sophos dissected the worm and has posted ample information about it, including the note that it only affects certain types of jailbroken iPhones.

Essentially, the jailbreak leaves a security hole by not changing the default password when the SSH server is installed. Users who don't correct this can find themselves at the mercy of this worm, which thankfully is relatively benign currently. It does nothing more than slap a new picture up on the background image of the phone -- though, a more malicious worm could be crafted.

Given the cause of this particular security flaw, don't expect any help from Apple or any fix from them either. If you've installed an SSH server on your phone, now's a good time to change the default password if you haven't already.

Apple would no doubt be quick to point out that an unmodded iPhone isn't vulnerable to this particular worm, and likely other sorts of attacks as well. To truly stand on that ground, however, you have to look at the motive behind jailbreaking to begin with. If Apple incorporated functionality that people wanted in the first place, there'd be less motive to jailbreak.

The supposed discoverer of the exploit has been helping people rid themselves of the worm. For those hit by it, this may be just a lesson in better security practices. For everyone else, however, it shows that nothing -- not even your phone -- can be completely safe from malicious attacks.




User Comments: 8

Got something to say? Post a comment
slh28 slh28, TechSpot Paladin, said:

And here's how to change the password (taken from theiphoneblog.com):

1) Download Mobile Terminal from Cydia (it's a great app to have)

2) Start up Mobile Terminal

3) Type in "su root" minus the quotation marks

4) It will ask for the current password, which is by default "alpine", again minus the quotes

5) Type in "passwd", still no quotes

6) Now you have to type in what you want your new password to be. Bear in mind that this text will not appear on screen, nor will any other character. Also bear in mind that this is case sensitive.

7) You will have to enter in your password a second time to confirm.

Timonius Timonius said:

A worm that affects certain jailbroken iphones huh? I'd say that something fishy is going on here given Apple's adversity to people 'messing' with their products.

superty12 superty12 said:

Now people see why not to jailbreak their iPhone. Good thing it dosn't do serious damage.

Though worms for the iPhone have been identified in the past, they've all been more or less proof of concept with no real threats yet for iPhone owners. That's now changed, after the first known iPhone worm in the wild was discovered.
There is no real threat.

Guest said:

Apple will declare this a feature

JieMan JieMan said:

This would be the best if the Iphone was starting to be targeted by hackers, I cant wait till they start infecting official supported phones.,, I for one am sick of how Apple claims they have no viruses cause there that good , gimme a break ,, the real reason is they have no market share in the PC world so who in there right mind target them ..

But the Iphone is a different story they have huge share in the smart phone market..

I for one would love to see them brought down from there pedestal of smug.

I guess I can only hope . . . . . .

Staff
Rick Rick, TechSpot Staff, said:

, I cant wait till they start infecting official supported phones.,, I for one am sick of how Apple claims they have no viruses cause there that good

Mac OS is unquestionably, inherently more secure than Windows. Vista & 7 are game changers though, so good for Microsoft. There have been viruses too, but after servicing thousands and thousands and thousands of PCs & Macs, I've never actually seen one in the wild.

The iPhone is SO frickin' locked down -- even to the users themselves -- that a truly damaging virus is unlikely. I know there are plenty of exploits for the iPhone OS, but taking advantage of them via WAN without root access is going be awfully challenging.

The reason we see a 'virus' (which only changes the background..) on jailbroken phones is because the people who were 'bright' enough to jailbreak their iPhone (requires the installation of SSH, a terminal-based, remote access system server daemon) were dull enough to not change their SSH password from the default which everyone knows now (Hint: "alpine" .

TorturedChaos, TechSpot Chancellor, said:

Timonius said:

A worm that affects certain jailbroken iphones huh? I'd say that something fishy is going on here given Apple's adversity to people 'messing' with their products.

My first thought on reading this was

"only affects jailbroken phones? Wonder how long it took Apple to find that hole and write the worm"

So ya....

Guest said:

Way to go Apple...

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.