Well if you've been telling your buds your iPhone is totally virus free and safe, 'tis time to eat your words. Seems some
incompetent 11-year old kid added an app to Installer sources that lists itself as "iPhone firmware 1.1.3 prep" -- we're calling it fail.trojan -- an update to
Erica's Utilities. Though not too troublesome -- apparently only says "shoes" once installed -- it may well be the start of a whole new bag of fun for the inspired yet bored amongst us. Removing the app damages a pile of programs in the iPhone's bin folder like Erica's Utilities, OpenSSH, Doom, and Launcher, though you can sort it by simply re-installing. Apparently his father's been notified and he's been given a harsh talking to and the site with the malicious source is now offline.
[Via
CNET, image courtesy of
thecampuscomic]
posted Jan 8th 2008 8:49PM
I remember when I was 11... I wasn't hacking iPhones... thats for sure.
I remember when i was 11 to. I think i was busy wasting my time on something that wouldn't get me beat up for being a nerd.
Wow I'm getting old I cant remember 11... then again cant remember yesterday either
"Where am I? Who are you?"
http://www.youtube.com/watch?v=SMF2Eb0Wa_I
Shoes?
I remember when i was 11, two years ago.... enough said.........
VIC-20 CARTRIDGES!!!!
CHOPLIFTER!!!
When I was 11 everything was different, and Pluto was a planet
http://leukeh.deviantart.com/art/Wallpaper-2-OS-X-vs-Vista-49816042?q=Mac+OS+X+boost%3Apopular+age_sigma%3A24h+age_scale%3A5+in%3Acustomization%2Fwallpaper%2Fapple
Trojan horses are for vista ONLY! ok fine, other windows os' included...
Nice way to downplay it, guys.
I only wish you would show this type of smarmy contempt to all the other malware writes who write this type of crap for Windows.
Malware for Windows:
Micro$oft suckz!
Malware for anything from Apple:
Just some incompetent 11-year old kid. Not a biggie. (sweep under rug)
apart from you dont have to hack the shit out of window and still download manually and install for an exploiton windows do you? This is HACKED iphones only and you also have to be stupid enough to do the above. READ!
I'll wait to eat crow until my Macs or my iPhone fall victim to some hack/virus/malware/trojan in the wild.
The day that happens, I will start looking into 3rd party security/AV/anti-spyware software. While I install it, I will look back fondly on the 5 years (and counting) that I hadn't had to suffer with the ills of the Windows world.
Also, that day all of the Microsoft apologists will somehow feel justified in having put up with all of that garbage on their platform of choice for lo those many years.
Considering it is barely a hack at that, yeah, we can safely "sweep" this one by without a worry.
My God, if the iPhone had as many problems as ANYTHING Windows, more than half the time it would boot up to a nice touch active BSOD.
Warning! Touch Screen has become inactive. Please press the okay button on the touch screen to continue! :-P
BSOD lol. I don't think I've seen one of those since 2004. Clue, in 2008 if you get a BSOD, it's probably your $12 TV tuner card you got off eBay.
Somebody should give that kid a tech job!
"I remember when I was 11... I wasn't hacking iPhones... thats for sure."
thats because when most of us were 11 cell phones were bricks and we weren't all spoiled little SOBs with an iphone daddy bought us. hehe
Really? Thanks for the insight; the original comment meant almost nothing to me. Until I came upon you comment, I was confused, angry, even bamboozled because I couldn't decipher the meaning of such a cryptic first post.
End sarcasm.
I'm pretty sure the first comment was meant to imply some sort of skill on behalf of the 11 year old... however I'm pretty sure the 11 year old was some script kiddie who managed to "infect" people by contaminating a trusted source.
took longer than i anticipated
I was typing away on a TRS-80...
The bit about the 11 year old is either a joke or embarrassingly slanted reporting
I might sound crazy but it sounds a bit like something my neiboughrs son would do. He is all into hacking things, especially apple products.
I started programming not long after I was 11, and if I had no life before then I definitely would have started earlier.
considering what the app does - displays "shoe" then rm's some stuff in /bin/ - I would put this at the level of anyone who was given a crash course in unix/linux at some point in their life, which could easily be before the age of 11.
If the Trojan horse is weak, wouldn't it be the Trojans who were laughing, not the Greeks? The Greeks were the ones inside the horse sneaking into Troy, not the Trojans. Just to clarify. I love my Iliad. Even if that story isn't in the Iliad. Damn me and my knowledge of Greek Literature!
Yeah, seriously. Engadget, you're dangerously close to losing your nerd license.
Steve B. beat me to the punch. Yes, it was the Greeks that built the Trojan horse, after a 10 year (maybe a little exaggerated) siege on Troy.
I think the point is that the Greeks built a successful Trojan horse, while this kid's sucks.
I think they greeks would be laughing cause their trojan worked out better than this kids trojan. So the Greeks would be laughing at the kid for not making it wreak havoc. Maybe.
...and weren't the Greeks the Achaeans back then? I too love my Homer. Thanks for making the point!
I try to keep my 14 year old away from programming tools and gave him something more practical this Christmas: his first set of lock picks. I'm so proud!
Ahhh, Chris, that makes sense. I see. This kid has brought shame on all of Hellas!
My iPhone hasn't been jailbroken since 1.1.1, so I'm not at all vulnerable, sukkas!
I'm not vunerable to it either. Why? I read about what I download and install first, especially something as sensitive as "1.1.3 prep". You'd have to be idiot to install it.
I agree with Fred. And IMHO Bob is a jacka$$
The story's text, "Well if you've been telling your buds your iPhone is totally virus free and safe, 'tis time to eat your words." is misleading and sensationalistic since it's a trojan not a virus.
Likewise, fred's comment, "I only wish you would show this type of smarmy contempt to all the other malware writes who write this type of crap for Windows." is misplaced since it's not malware either.
From Symantec's site it's clear that this is just another example of why you should never run a program that you don't trust, regardless of the platform:
"According to various reports, installing the package doesn't have much effect on the iPhone. However, uninstalling it may cause problems, as the malicious package overwrites some other applications during the install. Some of the applications it overwrites are "Erica's Utilities" (a collection of command-line utilities for the iPhone) and OpenSSH. If the user chooses to uninstall the bogus package, these applications will also be removed. Affected users will need to reinstall these applications.
This is technically the first Trojan horse seen for the iPhone, however it does appear to be more of a prank than an actual threat. The impact of uninstalling the "Trojan" would appear to be an unintended side effect. The risk to users is minimal as they would have to choose to install the bogus package and the site which was hosting it has now been taken offline. Nevertheless, iPhone users should exercise caution regarding the packages they choose to install on their phones."
holy crap - nerdathon deluxed overkillah!
it's flamebait
Shoes? Is that some kind of Murder by Death joke? Is this kid really 11?
BUt HOWE CAN U TEL BY MY CODEING DAT I AM OLNY 11!!! :O
"Greeks point, laugh"
Haha, that's part of why I love Engadget. :D
I laugh at this article.
it's not because the iPhone is insecure (not that it's totally secure) but this is just social engineering. Don't blame the iPhone. Blame stupid users.
And be prepare to see Antivirus companies release Antivirus software for the phone soon and making big news all over that you need it. Which you eventually will on a phone this advanced.
Stupid users? It was a program. Normal people don't Google everything they're about to download and normal people don't have AVs on their iPhone. From the hours "smart users" spend on researching if a program is safe, "stupid users" would've reinstalled all programs they lost and would be happily enjoying their iPhone. It's not that serious.
Hours? Have you ever used google?
Oh wait, are you still using GPRS?
Naw.. they're on EDGE
So here's the rundown:
IF you have manually hacked your iPhone
AND
IF you use Installer.app
AND
IF you manually install this software without knowing what it is
you will need to do nothing more than restore your iPhone to factory condition using Apple's utility.
Um, where's the story, guys?
AND
You installed JMCO source jmwiki.com, since that isn't a source that comes with installer.app or the "community sources" package.
This is as dumb as going to some random web site and downloading FREE_XXX.exe on a PC and attempting to run it.
This kid needs his little butt paddled. I don't care if the trojan did not work very well, or it turned out to do something benign. Uninstalling it apparently can some problems, even if unintended.
It's that same sort of mentality that gets viruses and other type of malwares created. Complete disregard towards another's property.
I'm not coming down on hackers either. Hacking, as a term, has been misused for awhile now to represent behaviors and motivations that have nothing to do with hacking specifically. It has also been used to aggregate specific types of actions under one term such as cracking, or phreaking, etc. Unfortunately, it also aggregates specific types of actions that are not even hacking in the first place.
Most people don't come close to hacking. Having an iPhone running home brew does not qualify. One cannot "hack" their own property. I have always found it interesting we call modifying your iPhone, PS1, PSP, PS2, XBox, etc. "Hacking". Sony and Apple want you to believe that doing this is hacking your device. That implies, that at some level, you don't own it. They do. It's very subtle isn't it?
Hacking, according to its traditional definition, has always been performing actions against property that is not yours. I know some may disagree with my interpretation, feel free to tell me yours.
A lot of hacking is merely for information gathering purposes, the attainment of knowledge or ability, and rarely one of destruction. That is the propaganda machine at work.
So I know a lot of people want to laugh at this, dismiss it, turn into a flame war between Apple vs. Microsoft, but this kind of behavior really needs to be taken seriously.
This kid needs to be punished because his actions affected a lot of other people, and caused damage. If we don't make him wish he was never born for the next couple of weeks, he may grow up to be one of those assholes that is not just making the new stealth MBR rootkits, but using them to install not so benign malware.
It's shoes today, but tommorow it could be capture the bank account info and transfer the money out.
kid doesn't need butt paddling - that doesn't work on nerd kids - removing the electronic devices from their rooms works wonders - installing sandboxing software on their machines, and unplugging your router when you are not at home works great too.
butt paddling worked when there was nothing in the kids' room to do - you couldn't distract yourself by staring at the walls in your room.
it's better for things to be found broken and fixed, rather than the alternative, you kinda deserve this situation if you have a jailbroken phone and you have no clue what that means.
again, this post is flamebait
Well at least we agree he needs PUNISHMENT. Now we are just haggling over whether to cut off his right-hand, or stick bamboo pieces under his fingernails. I'm kidding of course. Whatever happens, something needs to be done that will reach this kid. Something that will make him understand.
Accordingly, maybe installing a destructive rootkit on his system that will slowly corrupt his games, steal his online passwords and IM his friends that he still wets the bed, might be more effective.
As for some of the iPhone users that have no idea what they are doing, the stupid should not be targeted merely because they are stupid.
"But your honor, look at the guy... he's a moron", is not a real good or ethical defense as to why you programmed his iPhone to deliver electric shocks every time he put to his face. The fact he may be suing since he has 3rd degree burns from talking to Apple tech support does not mean anything either.
Most of other news sites mentionned the fact that this trojan only affects hacked iphones.
I am not very surprised that engadget didn't.
somehow i don't think he's only 11
These shoes are three hundred dollars. These shoes are three hundred dollars. These shoes are three hundred f***ing dollars. LET'S GET 'EM! http://www.youtube.com/watch?v=wCF3ywukQYA.
OOOOH, I have a great idea! Maybe if we mock his attempt enough, it will inspire more of the "bored among us" to do it better...
Oh. Wait. Maybe that's not so good.