Slashdot Mirror

← Back to Stories (view on slashdot.org)

First iPhone Worm Discovered, Rickrolls Jailbroken Phones

Posted by Soulskill on from the maximum-threat dept.

Unexpof writes "Users of jailbroken iPhones in Australia are reporting that their wallpapers have been changed by a worm to an image of '80s pop icon Rick Astley. This is the first time a worm has been reported in the wild for the Apple iPhone. According to a report by Sophos, the worm, which exploits users who have installed SSH and not changed the default password, hunts for other vulnerable iPhones and infects them. Users are advised to properly secure their jailbroken iPhones with a non-default password, and Sophos says the worm is not harmless, despite its graffiti-like payload: 'Accessing someone else's computing device and changing their data without permission is an offense in many countries — and just as with graffiti there is a cost involved in cleaning-up affected iPhones. ... Other inquisitive hackers may also be tempted to experiment once they read about the world's first iPhone worm. Furthermore, a more malicious hacker could take the code written by ikee and adapt it to have a more sinister payload.'"

7 of 215 comments (clear)

  1. Narrow Band detector by MasterOfGoingFaster · · Score: 5, Insightful

    So this worm is aimed at people are are smart enough to jailbreak an iPhone, but stupid enough not to change a default password. Sounds like a narrow band detection device.

    --
    Place nail here >+
    1. Re:Narrow Band detector by Anonymous Coward · · Score: 5, Informative

      also this article fails to mention that the worm disables ssh after infecting the device.. therefore kinda cleaning up the problem ..

  2. Something Ironic about the lyrics by masmullin · · Score: 5, Funny

    and the iPhone getting rickroll'd

    http://www.youtube.com/watch?v=3KANI2dpXLw&feature=player_embedded#

  3. Similar case by Stratoukos · · Score: 5, Informative

    Ars technica reported a similar case in the Netherlands about a week ago. A teenage "hacker" replaced the wallpaper with one showing an alert that told the user to give him 5 euros for instructions to remove the "virus". Full article

    --
    It may be 7 digits, but at least it's a semiprime
  4. Re:What does this mean exactly? how to fix? by Anonymous Coward · · Score: 5, Informative

    Go to Cydia, manage tab, packages, and see if OpenSSH is on the list of installed packages.

    If it is, download and install a package from Cydia called MobileTerminal.

    Start MobileTerminal, type in "su", then type in the default password "alpine", then type in "passwd", and set a new password (don't use " quote marks " in any of these commands)

  5. Re:arguably Apple share the blame by dingen · · Score: 5, Interesting

    The problem is not in the jailbreaking or unlocking of the phone. The problem is people installing OpenSSH but not changing the password (which it does ask you to) and thus allowing SSH-connections to their phone by everyone.

    --
    Pretty good is actually pretty bad.
  6. Re:arguably Apple share the blame by mat128 · · Score: 5, Insightful

    This isn't OpenSSH developers' problem. The jailbreaking utility should prompt you to change your root password. SSH is only allowing you to remotely log on the device, in the end if your password is weak/default, you shouldn't run an SSH server.