Slashdot Mirror


First iPhone Worm Discovered, Rickrolls Jailbroken Phones

Unexpof writes "Users of jailbroken iPhones in Australia are reporting that their wallpapers have been changed by a worm to an image of '80s pop icon Rick Astley. This is the first time a worm has been reported in the wild for the Apple iPhone. According to a report by Sophos, the worm, which exploits users who have installed SSH and not changed the default password, hunts for other vulnerable iPhones and infects them. Users are advised to properly secure their jailbroken iPhones with a non-default password, and Sophos says the worm is not harmless, despite its graffiti-like payload: 'Accessing someone else's computing device and changing their data without permission is an offense in many countries — and just as with graffiti there is a cost involved in cleaning-up affected iPhones. ... Other inquisitive hackers may also be tempted to experiment once they read about the world's first iPhone worm. Furthermore, a more malicious hacker could take the code written by ikee and adapt it to have a more sinister payload.'"

22 of 215 comments

  1. Similar case by Stratoukos · · Score: 5, Informative

    Ars Technica reported a similar case in the Netherlands about a week ago. A teenage "hacker" replaced the wallpaper with one showing an alert that told the user to give him 5 euros for instructions to remove the "virus". Full article

    --
    It may be 7 digits, but at least it's a semiprime
  2. This story seems familiar by Virak · · Score: 2, Informative

    Oh right. Probably someone saw that story too and decided to have a little fun with the same gaping security hole too.

  3. Re:What does this mean exactly? how to fix? by dingen · · Score: 2, Informative

    Only people who deliberately installed OpenSSH through Cydia and didn't change the default password are affected by this "virus". If you haven't installed OpenSSH, you're not a target.

    --
    Pretty good is actually pretty bad.
  4. Re:What does this mean exactly? how to fix? by Anonymous Coward · · Score: 5, Informative

    Go to Cydia, manage tab, packages, and see if OpenSSH is on the list of installed packages.

    If it is, download and install a package from Cydia called MobileTerminal.

    Start MobileTerminal, type in "su", then type in the default password "alpine", then type in "passwd", and set a new password (don't use " quote marks " in any of these commands)

  5. Re:Narrow Band detector by Anonymous Coward · · Score: 5, Informative

    also this article fails to mention that the worm disables ssh after infecting the device.. therefore kinda cleaning up the problem ..

  6. Re:arguably Apple share the blame by bhtooefr · · Score: 4, Informative

    The only rivals that are completely unlocked are Palm OS (which is a joke,) Windows Mobile, and Maemo.

    Android and WebOS do at least allow you to install unsigned apps, but you don't get root access without a jailbreak, and BlackBerry and Symbian both require signed apps and don't even give root to most signed apps. Useful for things like tethering (although not required.)

  7. Re:arguably Apple share the blame by Ma8thew · · Score: 2, Informative

    PalmOS, not WebOS.

  8. I did an interview with ikee-as is seen on my blog by OzJD · · Score: 4, Informative

    Quick spam, but it's a lot more informative: http://blog.jeltel.com.au/2009/11/interview-with-ikee-iphone-virus.html I asked as many questions as I could come up with, and he answered them all :) Source code is listed on that link as well

  9. Re:DEFAULT PASSWORD? by MindCheese · · Score: 3, Informative

    User: root
    Password: alpine

    Unless you reset it with passwd once you get in (something no guide underscores the importance of, and your typical "ooooh shiny" mass-market Apple consumer won't know), this is the default.

    Having a default password is bad enough, but my question is: why does the cellular network in Australia permit direct device-to-device connections over the air?

  10. Re:I did an interview with ikee-as is seen on my b by Anonymous Coward · · Score: 1, Informative

    Just adding some background info to this drama, OzJD was in cahoots with ikee before this was released and they are both making the most of their 15 minutes of fame

  11. don't click it! by jmil · · Score: 2, Informative

    don't click the link. i was fooled. the posting and comments above are sophisticated hacks to get you to click the link and be rickrolled. the tactic recently attempted here: http://bit.ly/3Xdrd

    --
    I wish I were old enough to put "Computer" on my resume.
  12. Re:So... by TheRaven64 · · Score: 1, Informative

    It's worth noting that the kind of person who compiles these statistics doesn't use quite the same terminology as everyone else. Smartphone only covers the top end of what most people would think of as a smartphone. The (much larger) rest of this market is comprised of things called 'feature phones,' which includes things that were smartphones a couple of years ago. It's not just a simple split between dumb phones that make calls and send SMS and smartphones which do other stuff too; they split the market into four or five largely arbitrary segments, of which smartphones is the smallest (although growing quickly).

    --
    I am TheRaven on Soylent News
  13. Re:Summary: it affects ignorant fools by ceoyoyo · · Score: 2, Informative

    The root "account" on an iPhone is the same for all phones but is normally disabled. At least at some points in time, a jailbreak consisted of enabling SSH and that root account. SSHing into your phone using that account was the only way you could do anything else - it WAS the break.

    Admittedly now, with more user friendly jailbreaks, SSH could ask you to change the password when you install it.

  14. Re:What does this mean exactly? how to fix? by francium+de+neobie · · Score: 3, Informative

    You can also... ehh... ssh to your iPhone and change it right after you jailbroke your iPhone. You'll need a wifi network and another computer to do that, of course.

  15. Re:Narrow Band detector by ceoyoyo · · Score: 2, Informative

    Not exactly. Jailbreaking an iPhone these days isn't what it used to be.

    It doesn't even require the command line anymore.

  16. Re:DEFAULT PASSWORD? by ceoyoyo · · Score: 3, Informative

    Actually, most of the jailbreaking guides did make a big deal of changing your password, back when installing SSH was a required part of the process. Apparently when you install SSH through Cydia today it also suggests you change the password. So the people who got hacked ignored a clear warning.

    Once you connect your phone to the Internet, device to device connections are sort of the default. You have to purposely block incoming connections to prevent it.

  17. Re:arguably Apple share the blame by clarkcox3 · · Score: 3, Informative
    --
    There are no tiger attacks in my area and it's all because this rock I'm holding keeps the tigers away.
  18. Re:arguably Apple share the blame by morgan_greywolf · · Score: 3, Informative

    Perhaps the makers of OpenSSH should change the first-run behavior to require the user enter a new password in order to prevent this issue?

    No. OpenSSH is a tool for allowing remote access to a host. It is not a password manager, login manager, etc. Such functions are best separated from OpenSSH. Perhaps it would be best if the jailbreak utility prompt for a root password or generate and provide the new SSH private key for the root account to allow for ssh key exchange logins and instruct the user to login via SSH to change the root password. Something like that.
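
Added example, not part of the comment above and not code from any jailbreak tool: a shell check of whether an sshd_config still lets root authenticate with a password, which is the exposure this thread discusses. The function names and the sample configs are constructed for illustration, only two keywords are examined, and an unset keyword is assumed to mean "yes".

```shell
#!/bin/sh
# Added example. Sample configs are constructed, not taken from a real device.

# effective_value KEYWORD FILE
# Prints the first global value of KEYWORD, lowercased: sshd keeps the first
# value it reads and matches keywords case-insensitively. Prints "unset" if
# the keyword does not appear before the first Match block.
effective_value() {
    awk -v key="$1" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/ || NF == 0 { next }            # comment or blank line
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$2"
}

# root_password_login FILE
# Prints "exposed" (root may log in with a password), "restricted" (root login
# allowed but not by password, judging by these two keywords) or "blocked".
root_password_login() {
    root=$(effective_value PermitRootLogin "$1")
    pass=$(effective_value PasswordAuthentication "$1")
    # Assumption: an unset keyword is read as "yes", the permissive case,
    # because the compiled-in default differs between OpenSSH releases.
    if [ "$root" = unset ]; then root=yes; fi
    if [ "$pass" = unset ]; then pass=yes; fi
    case "$root" in
        no)  echo blocked ;;
        yes) if [ "$pass" = yes ]; then echo exposed; else echo restricted; fi ;;
        *)   echo restricted ;;  # without-password, prohibit-password, forced-commands-only
    esac
}

# Demo on two constructed configs written to a temporary directory.
demo_dir=$(mktemp -d)
printf '%s\n' '# stock-style config' 'Port 22' 'PermitRootLogin yes' \
    > "$demo_dir/stock.conf"
printf '%s\n' 'PermitRootLogin without-password' 'PasswordAuthentication no' \
    'PermitRootLogin yes' > "$demo_dir/hardened.conf"
for f in "$demo_dir"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(root_password_login "$f")"
done
rm -rf "$demo_dir"
```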

  19. A message for default passworded iPhone users... by TheJodster · · Score: 3, Informative

    If you are too stupid to change the default password on the SSH server running on your iPhone, you shouldn't have a jailbroken iPhone. You should leave the damn software alone so that Big Daddy Jobs can take care of security for you. Come back and see us jailbreakers when you get to wear your big boy panties.

    --
    A little misunderstanding? Galileo and the Pope had a little misunderstanding...
  20. Okay so I tried this... by BLKMGK · · Score: 4, Informative

    My phone is Jailbroken but Cydia wasn't on it. I fired up Putty and nope, connection rejected. Tried to install SSH with Rock, it failed claiming that it didn't have Superuser privs. I fired up blacKra1n and installed Cydia. During the install Cydia appeared to install SSH but still no connection. I went in and reinstalled SSH, now I got a connection with the default password. But wait, at the bottom of the SSH install screen where it tells you how to use it they TELL YOU TO CHANGE THE PASSWORD! they also provide you a link to an article detailing HOW TO DO THAT. At this point I already had an SSH connection so I issued a passwd and changed it. TaDa, that hard to do - sheesh! I also installed an interesting little tool called Toggle SSH, gee guess what that does very well? Yup, blocks SSH connections at the press of a button - like a toggle ;-)

    So, I had to jump through hoops to install the damned thing, then I received CLEAR instructions on how to change the default password, AND there's a simple to use FREE program out there that disables it. Obviously it might get installed as part of other things depending upon how you jailbroke but come on, they could not have made this too much easier to fix! If people are getting spanked by this well, perhaps they should have been a little more cognizant when they jailbroke? It's not hard to fix via any computer with SSH on it and you can even load a terminal program local to the phone to fix it....

    --
    Build it, Drive it, Improve it! Hybridz.org
  21. Re:arguably Apple share the blame by BLKMGK · · Score: 2, Informative

    Umm except I just did this with no problems? I logged out and back in with new password, no issues. This is on 3.12. What loop issue did you have and how do you go about triggering it? I will test...

    --
    Build it, Drive it, Improve it! Hybridz.org
  22. The Root Password by djdavetrouble · · Score: 4, Informative

    is alpine.

    --
    music lover since 1969