Slashdot Mirror

← Back to Stories (view on slashdot.org)

First iPhone Worm Discovered, Rickrolls Jailbroken Phones

Posted by Soulskill on from the maximum-threat dept.

Unexpof writes "Users of jailbroken iPhones in Australia are reporting that their wallpapers have been changed by a worm to an image of '80s pop icon Rick Astley. This is the first time a worm has been reported in the wild for the Apple iPhone. According to a report by Sophos, the worm, which exploits users who have installed SSH and not changed the default password, hunts for other vulnerable iPhones and infects them. Users are advised to properly secure their jailbroken iPhones with a non-default password, and Sophos says the worm is not harmless, despite its graffiti-like payload: 'Accessing someone else's computing device and changing their data without permission is an offense in many countries — and just as with graffiti there is a cost involved in cleaning-up affected iPhones. ... Other inquisitive hackers may also be tempted to experiment once they read about the world's first iPhone worm. Furthermore, a more malicious hacker could take the code written by ikee and adapt it to have a more sinister payload.'"

5 of 215 comments (clear)

  1. Summary: it affects ignorant fools by Nimey · · Score: 4, Insightful

    FFS, why is there even a default password on sshd for the jailbroken phones? It should default to being disabled and then require you enter your own password when it's enabled.

    --
    Hail Eris, full of mischief...

    E pluribus sanguinem
  2. Narrow Band detector by MasterOfGoingFaster · · Score: 5, Insightful

    So this worm is aimed at people are are smart enough to jailbreak an iPhone, but stupid enough not to change a default password. Sounds like a narrow band detection device.

    --
    Place nail here >+
  3. Re:So... by bjackson1 · · Score: 4, Insightful

    Yeah, it's the same kind of thing as Windows... Like if a user installed a remote management protocol, then left the default password on it, and then wondered why they got hacked so easily...

    Not to mention this is NOT apple's software, or anything that apple sanctioned on their phone. It is from hacked phones. Sadly, this will do nothing but make Apple more sure that they should not open up the iPhone platform more.

  4. Re:arguably Apple share the blame by mat128 · · Score: 5, Insightful

    This isn't OpenSSH developers' problem. The jailbreaking utility should prompt you to change your root password. SSH is only allowing you to remotely log on the device, in the end if your password is weak/default, you shouldn't run an SSH server.

  5. Re:arguably Apple share the blame by bhartman34 · · Score: 4, Insightful

    Apple doesn't care what you do with the iPhone, but they do have to close the holes that enable jailbreaking because they're security holes through which Something Bad could go to Do Something Bad.

    Apple absolutely does care what you do with the iPhone. That's why they've updated the ROM in newer 3Gs models to prevent jailbreaking.

    If Apple was okay with jailbreaking, and just interested in closing security holes, they would work on those holes, rather than on preventing jailbreaking altogether. (In fact, that's exactly what Palm does do. One of the first methods to install apps on a Pre was to e-mail yourself a link to an application. Palm (rightfully) closed that hole, but left intact the ability to root a Pre.

    And I agree with stillpixel. I wouldn't be shocked if Apple themselves had a hand in this.

    Thinking that Apple someone had a hand in creating this "worm" for jailbroken iPhones is not only considerably misguided (and unfounded), it's utterly moronic.

    I didn't say I believe that Apple had a hand in it. I said I wouldn't be shocked if they did. They've got a vested interest in keeping people from jailbreaking, and this kind of thing (especially because it's relatively innocuous) fits the bill.