Jailbroken iPhones exposed to second worm, this time malicious
By Vlad Savov 
posted November 23rd 2009 6:40AM
posted November 23rd 2009 6:40AM
As inevitable as the sun rising in the East and setting in the West, an innocuous iPhone worm has been transformed into a malicious bank details-stealing virus. The second recorded iPhone infection operates on exactly the same principles as the first, as it targets jailbroken handsets with SSH installed, but this time adds the ability for the hacker to remotely control and access the phone. By throwing up a purported ING Direct login page, he (or she, or they) can collect your online banking credentials and, presumably, all the cash they are supposed to protect. Presently isolated within the Netherlands, this outbreak may spread further still, as it is capable of infecting other jailbroken iPhones on the same WiFi network.
So... Turn off SSH or don't jailbreak if you don't know EXACTLY what you're doing. Easy enough, but there are allways complete numskulls that do it anyway...
If you do ANYTING, do it right and with caution is my advice.
...And even 'numbskulls' too!
easier solution, don't be a c**k and use the default 'Alpine' password, thats all you need to do change the freakin password!
You don't even have to turn SSH off.. you just have to change the default password.
The problem is you don't need to know what you are doing to jailbreak. It's easy process so everyone can do it.
Damn... Now I have a reason to change "alpine"...
Well, then those phones should not be exposed..
YARR! seems like the pirates have a hole in their vessel
Man the lifeboats!!!
Believe it or not, there are more uses to jailbreaking than piracy.
(Jailbreaking existed before the Appstore :D)
Suckk shit
Ok, it is FUD
@(Unverified) you made me go to urbandictionary just to see what FUD means, thats why i am giving you a negative
@(Unverified)
because you can understand it then you did ranked me down?.
FUD is a old acronyms used for software and hardware that fit perfectly for this case.
Bought an iphone, are connected via wifi and have cash in your account ready to be stolen...
...there's an app for that!
I think this was apple intension to stop jail broken iphones. Come on folks; for months they have been trying to stop people from jail breaking iphones and taking it to other carriers. Now all of a sudden if you do you will get a worm. Coincidence, I think not.
I don't know if I need a tin foil hat here... or a raincoat for all of the shit flying around.
If you would honestly believe for a second that Apple would compromise their own devices, you're a moron. An absolutely retarded, 100% idiotic, moron. Jailbroken or not, Apple still wants to sell the phones.
I wonder if stock iPhones will ever be compromised?
Hence Jailbreak.
@AaronX
nope, hell the users themselves can't do much with the original firmware, no random halfway around the world will be able to
The original worm was only able to target iPhones with the default root password - is that still the case for the malicious version?
Nope, it asks you to enter your current admin password in order to install the bestest cydia apps out there for free!
...and then you deserve to be hacked.
??????????!!!!!!!!!!!!!!!!!!!!
The Rick Astly prank I can understan, proves a point and is funny. The fact that a hacker now means business using such a "below-the-belt" tactic with the ING bank scam is just unrespectably unbelievable.
hahahaha... thats rich!
@ack154 It's not the first time a company has crippled a device that was modded or using unauthorized software or hardware.
When is that HD2 coming out in the states, again?
Why does that matter? See, here's the solution to this problem: Don't be a moron. Wasn't that easy?
IF you jailbreak your iPhone and IF you have SSH installed and IF you don't change the default password THEN you will be vulnerable. So don't be a moron. Change the default password. This is not an iPhone-exclusive piece of advice, that goes for anything. FTP servers, web servers, your email accounts, your admin accounts, your wireless router. Don't leave any passwords anywhere as the default.
Oh and if you have SSH installed with the default password on ANY phone you will be just as vulnerable. The iPhone isn't the problem, stupid users are.
Is it too hard for the press to accurately report "SSH enabled" phones rather than jailbroken? Adding OpenSSH is a step typically done *manually* after jailbreaking, via the Cydia installer. It's hardly something that occurs outside the visibility of the phone's owner.
For those that have installed OpenSSH and who've also hopefully changed the default password, you also may want to install SBSettings. This provides a set of toggles that drop down with a swipe of the finger across the status bar. These include toggles not only for Bluetooth, WiFi, 3G, etc., but also for the SSH daemon (so you can enable it only when required, as an added precaution).
Good advice.
It should also be noted that once installed, SSH is ON by default every time you reboot, regardless of whether previously turned off. This is to provide the jailbreaker an opportunity to SSH in and fix things that may have gone wrong.
Also, a lot of jailbreak apps depend on OpenSSH.
Exactly... the hack app LOL
Second?? No. As your own "More on this topic" section points out, this is the third:
"# First iPhone worm rickrolls jailbroken phones
14 days ago
# Dutch hacker seeks out jailbroken iPhones for fame and fortune
19 days ago"
I wish people would stop giving that Ashley Towns script kiddie credit for the first worm. All he did was modifiy the open-source Dutch code.
@mike86 Go back and actually READ the post and not just the headline.
"We sort of knew this would happen as soon as we heard about that iPhone wallpaper hack in the Netherlands -- a hacker named ikex has created what's apparently the first iPhone worm..."
The first instance, the guy who implemented this hack, didn't use anything referred to as a worm and just dropped a .png or some other image onto the device to display the warning. The rickroll was actually code written to preform the attack, hence, a worm. Which means, since this hack is malicious code that attacks an SSH enabled device with a default password, it is the second recorded instance of such an item. That being said, I agree, it is very similar to the original hack preformed. But the original hacker merely paved the way for this to happen. I'm sure there may be more of these types of things out there, just awaiting discovery.
Speaking of spyware, last week there was a ware released that can track your location via your mobile. Now that doesn't sound cool at all. :( http://bit.ly/worst-spyware-on-cellphones
this is what you get for not changing your root password
"he (or she, or they)" yeah or it..
If you have jailbroken your iPhone you must change the password for the root user as well as the mobile user. The iPhone uses unix security which is sold, but not if someone else knows your root password.
Open an ssh terminal and type sudo passwd root type in the password everyone in the world knows: 'alpine' then it will prompt you for the old password. Type 'alpine' again, then type a new password when it asks.
Repeat for the 'mobile' user: sudo passwd mobile then type in the old password which is also 'alpine' then choose a new password.
viola! you are safe!
It's near-impossible to write a worm for unix. This is actually a hack. It uses the known root password to compromise phones which are not secure. It might be news for alarmists, but I don't think it does anything that a password change wouldn't fix.
it doesn't take ages to change a simple password.......nothing to panic jailbreakers.... use brain and hands....
I wouldn't put it past Jobs and Apple to be behind this. As much as they himmed and hawed when they were first getting jailbroken I would bet $1 that they are pushing these worms out to get people to either go "legit" or stop jail breaking all together.
But I thought Apple products were "immune" to malicious attacks!?
... because a user who jailbreaks their iPhone, then installs SSH, then doesn't change the password, then gets infected because of it is somehow Apple's fault? See, here's the thing. If you don't jailbreak your iPhone, you won't get infected. Since Apple doesn't sell jailbroken iPhones I fail to see how this is their fault.
I bet you're one of those people who doesn't know the difference between a trojan and a virus too, huh?
Fine, if Apple is doing this then Microsoft has 450,000 worms and viruses to answer for. Not to mention Y2K, Vista, and a whole other lot of money wasters...
LOL! Seriously?
You act like this is Apple's only mistake in the grand scheme of things. Let's get real here: Apple products just became decent, in terms of software, hardware (This is still questionable). Many of the Macs from the 80s and 90s were such duds, that you'd have more usage for them as a paperweight more than a computer.
How is this Apple's mistake? This malware is specifically dependent on a user jailbreaking their iPhone, installing SSH on it, and then not changing the default password.
Does Apple sell an iPhone in that configuration? No? Then it's not Apple's fault, is it? This is the same thing as installing SSH ANYWHERE on ANY DEVICE and not changing the default password. Do you blame Microsoft if somebody correctly guesses your admin password? Think about it.
Wow. Seems that iPhone continues to suck in new ways. Its like the gimmick is finally wearing out and the junk behind is being exposed. Knowing apple they prolly wrote it themselves. If I were someone reading this and considering a new smart phone I would skip the iphone all together condidering what's at risk. Luckily there are tonnes of better phones out there today to chose instead. I.e. Android phones and palm pre.
Apple slowly losing face. The ugly underneath is showing.
Wow. Seems that iPhone continues to suck in new ways. Its like the gimmick is finally wearing out and the junk behind is being exposed. Knowing apple they prolly wrote it themselves. If I were someone reading this and considering a new smart phone I would skip the iphone all together condidering what's at risk. Luckily there are tonnes of better phones out there today to chose instead. I.e. Android phones and palm pre.
Apple slowly losing face. The ugly underneath is showing.
Wow. Seems that iPhone continues to suck in new ways. Its like the gimmick is finally wearing out and the junk behind is being exposed. Knowing apple they prolly wrote it themselves. If I were someone reading this and considering a new smart phone I would skip the iphone all together condidering what's at risk. Luckily there are tonnes of better phones out there today to chose instead. I.e. Android phones and palm pre.
Apple slowly losing face. The ugly underneath is showing.
crap. Sorry all. Did not mean to pst 3 times. Odd glitch. Didt write and post 3 times.
my apologies all.
God when will these people learn to change their default passwords.
How stupid can you be? Oh wait, these are APPLE customers we're talking about...my bad.
How do you go about confining a worm to country, surely once its on the internet its everywhere?