Slashdot Mirror

← Back to Stories (view on slashdot.org)

First Malicious iPhone Worm In the Wild

Posted by timothy on from the because-some-jerks-are-clever dept.

An anonymous reader writes "After the ikee worm that displayed a picture of Rick Astley on jailbroken iPhones, the first malicious iPhone worm (Google translation; original, in Dutch) has now been discovered in the wild. Internet provider XS4ALL in the Netherlands encountered several of such devices (link in Dutch) on the wireless networks of their customers and put out a warning. After obtaining a copy of the malware it was discovered that the jailbroken phones, which are exploited through openSSH with a default password, scan IP ranges of mobile internet providers for other vulnerable iPhones, phone home to a C&C botnet server, are able to update themselves with additional malware and have the ability to dump the SMS database as well. Owners of a jailbroken iPhone with a default root password are advised to flash to the latest Apple firmware in order to ensure no malware is present."

8 of 135 comments (clear)

  1. hmmm. passwd by epilido · · Score: 4, Insightful

    how about changing the default password............

  2. Excessive? by ickleberry · · Score: 5, Insightful

    Owners of a jailbroken iPhone with a default root password are advised to flash to the latest Apple firmware in order to ensure no malware is present.

    That seems a bit excessive when a simple one-time usage of the included "passwd" utility will suffice. Srsly though, jailbreaking utilities should be pestering users to change their password from the default because this is only scaring less-knowledgeable folk into thinking Jailbreak == viruses

    1. Re:Excessive? by Rexdude · · Score: 4, Insightful

      No reason ordinary folk shouldn't be allowed to enjoy the benefits of an un-crippled, unrestricted phone.

      If having an unrestricted device is so important to them, why buy an iPhone at all ?
      Every other smartphone lets you use the network provider you want, or install the apps you want from anywhere.

      --
      "..One hosts to look them up, one DNS to find them, and in the darkness BIND them."
  3. There's an app for that! by zach_the_lizard · · Score: 4, Funny

    Finally! Now I can tell my friends that my iPhone can run all the stuff my desktop can!

    --
    SSC
  4. Why a default password? by harmonise · · Score: 4, Insightful

    why is SSH being installed with a default password left in place? Talk about asking for trouble.

    --
    Cory Doctorow talking about cloud computing makes as much sense as George W Bush talking about electrical engineering.
    1. Re:Why a default password? by Fahrvergnuugen · · Score: 4, Insightful

      Because a lot of people who use these jailbreak tools have no idea what they are doing.

      --
      Kiteboarding Gear Mention slashdot and get 10% off!
  5. Abstraction by gmuslera · · Score: 4, Insightful

    You just do this and that happens. As in "you run this and your phone gets even more awesome" or "you'll shut down your firewall be able to get movies in your pc" or things like that. But you dont have to understand what are really doing, or all that it implies. People are getting powerful things, and as childs are irresponsible about what could happen because their actions because they don't understand them.

    It seem plain clear to us that having a common, default admin passwords in all the jailbroken devices is a very bad policy, but how many times we could had fell in a similar situation were are us who don't understand fully what we are using i.e. in other areas?

    To make things worse, we complain a lot about products that takes the "safest" choice for us, not giving enough control/customization to the final (knowing enough?) user, making those impopular and so not taken even by the people that don't know (or don't want to know).

  6. Re:Wait a second? by CrackedButter · · Score: 4, Informative

    I can already do number 3 without jailbreaking my phone.

    --
    Jonathanjk.com