Slashdot Mirror


First Malicious iPhone Worm In the Wild

An anonymous reader writes "After the ikee worm that displayed a picture of Rick Astley on jailbroken iPhones, the first malicious iPhone worm (Google translation; original, in Dutch) has now been discovered in the wild. Internet provider XS4ALL in the Netherlands encountered several such devices (link in Dutch) on the wireless networks of their customers and put out a warning. After obtaining a copy of the malware it was discovered that the jailbroken phones, which are exploited through OpenSSH with a default password, scan IP ranges of mobile internet providers for other vulnerable iPhones, phone home to a C&C botnet server, are able to update themselves with additional malware and have the ability to dump the SMS database as well. Owners of a jailbroken iPhone with a default root password are advised to flash to the latest Apple firmware in order to ensure no malware is present."

24 of 135 comments

  1. hmmm. passwd by epilido · · Score: 4, Insightful

    how about changing the default password............

  2. Excessive? by ickleberry · · Score: 5, Insightful

    Owners of a jailbroken iPhone with a default root password are advised to flash to the latest Apple firmware in order to ensure no malware is present.

    That seems a bit excessive when a simple one-time usage of the included "passwd" utility will suffice. Srsly though, jailbreaking utilities should be pestering users to change their password from the default because this is only scaring less-knowledgeable folk into thinking Jailbreak == viruses

    1. Re:Excessive? by maccodemonkey · · Score: 3, Insightful

      Unless you are already infected and you don't know it, then changing the password does nothing.

    2. Re:Excessive? by TJamieson · · Score: 3, Insightful

      Isn't it also interesting that the fix is to, basically, un-jailbreak as soon as possible. If I were more of a conspiracy theorist, I would think Apple might have an interest in showing just how "bad" jailbreaking can be. Apple: See, if you jailbreak, you'll get a special phone worm!

      --
      For the last time, PIN Number and ATM Machine are redundancies!
    3. Re:Excessive? by Anonymous Coward · · Score: 3, Funny

      WORMS? IN MY APPLE?!?!?!?

      actually, that seems somehow fitting...

    4. Re:Excessive? by ickleberry · · Score: 3, Insightful

      No reason ordinary folk shouldn't be allowed to enjoy the benefits of an un-crippled, unrestricted phone. Jailbreaking utilities really should prompt the user for a new root password before they can continue, so there would be no point in even writing these worms.

    5. Re:Excessive? by pizzach · · Score: 2, Interesting

      No reason ordinary folk shouldn't be allowed to enjoy the benefits of an un-crippled, unrestricted phone.

      It's these same people who don't care if their Windows machine is full of viruses from opening their firewall since it was "inconvenient." With these people, a botnet of iPhones is just a matter of time.

      --
      Once you start despising the jerks, you become one.
    6. Re:Excessive? by Rexdude · · Score: 4, Insightful

      No reason ordinary folk shouldn't be allowed to enjoy the benefits of an un-crippled, unrestricted phone.

      If having an unrestricted device is so important to them, why buy an iPhone at all?
      Every other smartphone lets you use the network provider you want, or install the apps you want from anywhere.

      --
      "..One hosts to look them up, one DNS to find them, and in the darkness BIND them."
  3. There's an app for that! by zach_the_lizard · · Score: 4, Funny

    Finally! Now I can tell my friends that my iPhone can run all the stuff my desktop can!

    --
    SSC
  4. In other news, idiot users get hacked by Azureflare · · Score: 3, Informative
    Just to clarify:

    Wederom zijn het alleen gebruikers van een gejailbreakte iPhone of iPod Touch die risico lopen.

    Translation: Again are the only users of an iPhone or iPod Touch gejailbreakte at risk.

    In summary, if you jailbreak your phone, install apps to make your phone a server, and don't take steps to secure it, you are an idiot and deserve whatever happens.

  5. Why a default password? by harmonise · · Score: 4, Insightful

    Why is SSH being installed with a default password left in place? Talk about asking for trouble.

    --
    Cory Doctorow talking about cloud computing makes as much sense as George W Bush talking about electrical engineering.
    1. Re:Why a default password? by Fahrvergnuugen · · Score: 4, Insightful

      Because a lot of people who use these jailbreak tools have no idea what they are doing.

      --
      Kiteboarding Gear Mention slashdot and get 10% off!
    2. Re:Why a default password? by Suzuran · · Score: 2, Informative

      Jailbreaking DOES NOT install ssh by default. You have to install openssh yourself after jailbreaking.

  6. Re:ROFL by nurb432 · · Score: 3, Insightful

    Odd, the story called it a WORM.. which it is.

    --
    ---- Booth was a patriot ----
  7. Wait a second? by cluge · · Score: 3, Interesting
    >Owners of a jailbroken iPhone with a default root password are advised to flash
    >to the latest Apple firmware in order to ensure no malware is present."

    If they flash to the latest Apple firmware, will they be able to

    1. Use the network of their choice
    2. Run non-Apple-allowed apps (Skype)
    3. Play their music without DRM

    Most importantly - will they be able to jailbreak the device after the update?

    I see a future where Apple, the RIAA, and others might wish to write worms to help prevent people from hacking their devices or brick devices that have been "hacked".

    --
    "Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
    1. Re:Wait a second? by CrackedButter · · Score: 4, Informative

      I can already do number 3 without jailbreaking my phone.

  8. Abstraction by gmuslera · · Score: 4, Insightful

    You just do this and that happens. As in "you run this and your phone gets even more awesome" or "you'll shut down your firewall to be able to get movies on your PC" or things like that. But you don't have to understand what you are really doing, or all that it implies. People are getting powerful things and, like children, are irresponsible about what could happen because of their actions, because they don't understand them.

    It seems plainly clear to us that having a common, default admin password on all the jailbroken devices is a very bad policy, but how many times could we have fallen into a similar situation where it is we who don't fully understand what we are using, i.e. in other areas?

    To make things worse, we complain a lot about products that take the "safest" choice for us, not giving enough control/customization to the final (knowing enough?) user, making those unpopular and so not taken even by the people that don't know (or don't want to know).

  9. How is this going to get made Apple's fault? by BlueBoxSW.com · · Score: 2, Insightful

    So Apple has been working hard to keep jailbreaking down to a minimum. Now it is discovered that some jailbroken phones with jailbroken apps have security issues.

    How is someone going to now turn this around and blame Apple?

  10. Re:Oh, Dutch... by dingen · · Score: 2, Insightful

    gejailbreakte
    I love it.

    Sadly, the language is full of these sorts of things nowadays... give it another decade and Dutch will be fully understandable for people who speak English.

    --
    Pretty good is actually pretty bad.
  11. What, a worm on a platform with no market share? by nato10 · · Score: 2, Interesting

    Doesn't this (finally) put to bed the notion that there are virtually no worms or viruses for Mac OS X simply because hackers don't want to waste their time on a platform with so little market share? The platform targeted by the hackers in this case -- jailbroken iPhones running a particular service -- is a fraction of the installed base of Mac OS X computers. It seems that hackers (naturally) select their targets primarily based on ease of exploit -- jailbroken iPhones with SSH installed with a default password, for instance, or Microsoft Windows -- than on market share, since any of these platforms still provides tens of millions of potential targets.

    I think it's also important to note that the security of Mac OS X extends to the iPhone as well; hackers are apparently unable to successfully compromise the much larger installed base of iPhones, having to content themselves with the much smaller population that has been jailbroken (read, "security compromised").

  12. Re:Why is there a default password at all? by marcansoft · · Score: 2, Insightful

    The default install doesn't come with OpenSSH anyway. If you deliberately install OpenSSH (to access your stuff using WiFi, which is why most people do) and fail to change your password (which should be blatantly obvious, since it's what you'll be using to access the phone over WiFi), well, shame on you. If you can't deduce that anyone can access your phone remotely just as well as you can, you shouldn't be doing these things.

    Really, a good part of the blame is probably on tutorials and guides out there that tell you to install OpenSSH and don't mention changing your password (or don't mention it in bold/red enough text). Smart people change their password, and dumb people don't go messing with a weirdly-named package that isn't listed under the "user-friendly GUI stuff" categories. It takes a poorly-written tutorial to bridge the gap.

    FWIW, the default passwords are already there on Apple's OS. Jailbreaking by itself doesn't make the phone any less secure because it only lets you install unsigned apps. It's installing OpenSSH that suddenly turns the default passwords into a huge security hole. If OpenSSH were hypothetically available on the App store, the issue would still be present.
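
A local exposure check for the condition described in the comment above, as an added example that is not part of the original post: it lists accounts whose password hash is unchanged from a stock baseline while OpenSSH accepts password logins. The BSD-style passwd layout, the file names and the placeholder hashes are assumptions; the check shows exposure only, not whether a device is already infected.

```shell
#!/bin/sh
# Added example; file layout and hash strings are constructed placeholders.

# audit_default_ssh PASSWD BASELINE SSHD_CONFIG
# Prints accounts whose password hash still equals the stock-image baseline
# while sshd accepts password logins. Prints nothing when not exposed.
audit_default_ssh() {
    passwd_file=$1; baseline=$2; sshd_config=$3

    # No sshd_config: OpenSSH is not installed, so the stock passwords
    # are not reachable over the network.
    [ -f "$sshd_config" ] || return 0

    # sshd uses the first value it reads for a keyword; when the keyword is
    # absent or commented out, password authentication defaults to "yes".
    pw_auth=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$sshd_config")
    [ "${pw_auth:-yes}" = "yes" ] || return 0

    # Field 2 of a BSD-style passwd line is the hash; "*" and "" are not hashes.
    awk -F: 'NR == FNR { stock[$1] = $2; next }
             ($1 in stock) && $2 == stock[$1] && $2 != "*" && $2 != "" { print $1 }' \
        "$baseline" "$passwd_file"
}

# Constructed sample: root unchanged, mobile changed, sshd at its defaults.
make_sample() {
    dir=$1
    printf '%s\n' \
        'root:STOCKHASH1:0:0::0:0:System Administrator:/var/root:/bin/sh' \
        'mobile:STOCKHASH2:501:501::0:0:Mobile User:/var/mobile:/bin/sh' \
        'nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false' > "$dir/baseline"
    sed 's/STOCKHASH2/CHANGEDHASH/' "$dir/baseline" > "$dir/master.passwd"
    printf '%s\n' '#PasswordAuthentication yes' 'PermitRootLogin yes' > "$dir/sshd_config"
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_default_ssh "$tmp/master.passwd" "$tmp/baseline" "$tmp/sshd_config"   # prints: root
rm -rf "$tmp"
```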

  13. Re:ROFL by ourcraft · · Score: 2, Insightful

    Booth stopped rotting a long time ago. As such he no longer stinks. Not stinking is hardly enough to be called a patriot. I can think of nothing else to recommend him.

  14. Nope, still wrong, AT&T allows skype on 3G by SuperKendall · · Score: 2, Informative
    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  15. Jailbreaking and Unlocking - they're different by jht · · Score: 2, Interesting

    Being only able to buy the iPhone here in the US as a carrier-locked phone - that's wrong and sucks. But sadly that's the rule here because of the deal Apple has with AT&T. May it expire soon, even though the only other national GSM carrier is T-Mobile and they have an even smaller footprint. It'd be nice to take an iPhone out of the country and get a local SIM without having to use your AT&T account.

    Of course, that carrier lock is also why the iPhone costs $200 instead of about $600 or so - the carrier subsidy that AT&T pays Apple for it keeps you from having to pay all the money up front.

    Jailbreaking, though, is a different story. Anyone who wants to jailbreak their iPhone should feel free to do so and run whatever they want. But if you go to the trouble to bypass Apple's application security model you get what you get. Not Apple's fault.

    But things like this worm make me understand that much more why Apple works to plug the holes that jailbreak tools keep exploiting. We may not all like that we're restricted to getting apps from the App Store, but on the other hand the iPhone isn't sold as a tool for personal freedom. It's sold as a phone that runs apps that you get from Apple. Period.

    There's other phones that are marketed as "freedom phones". If people want that above all else, they should buy a phone with the appropriate OS and not an iPhone.

    Ultimately, I hope Apple opens up the App Store further and simply reviews apps to answer just a couple of questions:

    1 - Does the app do anything that expressly isn't allowed by carrier contracts?

    2 - Does it break the published development rules?

    If it doesn't, then it ought to be published, period. For instance, now that AT&T stated that VoIP would now be allowed on their network, all the Google Voice apps and Skype should immediately be approved and put out for 3G usage. Because those apps don't break guidelines and are now allowed by the carrier.

    But even if they eliminated all restrictions short of that, the App Store will never be the free market that jailbreakers want to have. So get another phone. I hear you can run anything you want on Windows Mobile.

    (why you'd want to may be another story...)

    --
    -- Josh Turiel
    "2. Do not eat iPod Shuffle."