Slashdot Mirror

← Back to Stories (view on slashdot.org)

First iPhone Worm Discovered, Rickrolls Jailbroken Phones

Posted by Soulskill on from the maximum-threat dept.

Unexpof writes "Users of jailbroken iPhones in Australia are reporting that their wallpapers have been changed by a worm to an image of '80s pop icon Rick Astley. This is the first time a worm has been reported in the wild for the Apple iPhone. According to a report by Sophos, the worm, which exploits users who have installed SSH and not changed the default password, hunts for other vulnerable iPhones and infects them. Users are advised to properly secure their jailbroken iPhones with a non-default password, and Sophos says the worm is not harmless, despite its graffiti-like payload: 'Accessing someone else's computing device and changing their data without permission is an offense in many countries — and just as with graffiti there is a cost involved in cleaning-up affected iPhones. ... Other inquisitive hackers may also be tempted to experiment once they read about the world's first iPhone worm. Furthermore, a more malicious hacker could take the code written by ikee and adapt it to have a more sinister payload.'"

3 of 215 comments (clear)

  1. Re:arguably Apple share the blame by dingen · · Score: 5, Interesting

    The problem is not in the jailbreaking or unlocking of the phone. The problem is people installing OpenSSH but not changing the password (which it does ask you to) and thus allowing SSH-connections to their phone by everyone.

    --
    Pretty good is actually pretty bad.
  2. Re:So... by Anonymous Coward · · Score: 4, Interesting

    I am reminded of those "I'm a Mac, and I'm a PC" commercials. So, Mac's "little brother" I guess is susceptible to the same plagues PCs are.

    Dude . . . it has nothing to do with Mac security. They've installed a third party application on their iPhone -- a service, no less. It's like giving out your house key to everyone, then complaining about how ineffective your house locks are. There are a couple of security practices being ignored by the end user here -- and these are users that, knowing how to jailbreak an iPhone, should know better.

    1. Never leave a default password.

    2. Never install a service if you don't need it. (Okay, maybe some DO need it, but I doubt all of them.)

    The same applies to Windows. Windows is riddled with security problems, hence 75% of windows viruses still work, whereas less than .001% of mac viruses still work (if even that). But even so, many "security problems" in Windows are not the fault of Windows, but of the user running it. It doesn't matter how perfect your burglar alarm is if you don't turn it on.

    On a lighter note:

    Dark Helmet: "Give us the combination to the air shield!"

    King Roland: "All right! All right. It's 1-2-3-4-5."

    Dark Helmet: "That's the stupidest combination I've ever heard in my life! That's the kind of combination an idiot would have on his luggage."

    [enter president Skroob]

    President Skroob: "Did you get the combination to the air shield?"

    Dark Helmet: "Yes! It's 1-2-3-4-5."

    President Skroob: "That's amazing! I have the same combination on my luggage!"

    Mel Brooks FTW.

  3. Re:DEFAULT PASSWORD? by argent · · Score: 4, Interesting

    Having a default password is bad enough, but my question is: why does the celluar network in Australia permit direct device-to-device connections over the air?

    Once you're running an IP stack, you'd have to make a deliberate and non-trivial effort to prevent direct connections, no?