Jailbroken iPhones exposed to second worm, this time malicious
By Vlad Savov 
posted November 23rd 2009 6:40AM
posted November 23rd 2009 6:40AM
As inevitable as the sun rising in the East and setting in the West, an innocuous iPhone worm has been transformed into a malicious bank details-stealing virus. The second recorded iPhone infection operates on exactly the same principles as the first, as it targets jailbroken handsets with SSH installed, but this time adds the ability for the hacker to remotely control and access the phone. By throwing up a purported ING Direct login page, he (or she, or they) can collect your online banking credentials and, presumably, all the cash they are supposed to protect. Presently isolated within the Netherlands, this outbreak may spread further still, as it is capable of infecting other jailbroken iPhones on the same WiFi network.
So I gather one would have to installed SSH in order for this to be an issue.
The reason I wanted to clarify this...to a novice user, it is never obvious if a utility like Erica Utilities included SSH.
To my knowledge I have never specifically installed SSH, but my concern is that it somehow became a tag along.
iphone .....Seems like they keep getting worse. They need to step it up in order to stay on par with other smartphones on the market which are already proven to be better. This might cause someone to skip the iphone as an option all together considering what is at risk. I know I would as a consumer.
Let's not be stupid about this, shall we? This has nothing to do with the fact that it's an iPhone. This has everything to do with the fact that this worm specifically need SSH to be installed with an unmodified password.
How does that have anything to do with Apple? At all? Apple doesn't sell a phone configured like that, so how is this their problem or their fault? If you don't change the default password on your wireless router and people start freeloading off it, do you blame Linksys for that?
Maybe you should actually pay attention to what you are reading...iPhones that can be compromised like this are not factory iPhones...they have been modified by the user. It has nothing to do with Apple. And which smartphones on the market have proven to be better? IMO.... WinMo is crap...Android is close but not quite there yet.
Yes, Apple is behind these. Because iPhones getting worms is such good publicity. Most people don't know what jailbreaking is and they won't know the difference. Hell, look at the comments in this thread. Half the people commenting right here don't even seem to be aware that it has to be jailbroken and SSH needs to be installed in order for this to happen.
And these are allegedly tech-savvy people. And I use the word "savvy" very loosely here. So why would Apple intentionally want to make their phone look like it's vulnerable to viruses again? Which school of marketing teaches that particular strategy?
The thing here is that there is an expectation of security when people buy a smart phone. Problem here is that in order for people to remotely get what they want out of their iphones they need to jailbreak it which negates the security measure. What does this point to? Apple is failing to give people what they want from the iphone and the do it yourself consumer is now paying the price. Iphone simply needs to become something better than what it is. Especially if its to keep up with the slew of now better phones now on the market.
With mac osx you need not worry about all of that harmful malicious software that those windows users deal with......... NAWT ;)
OMG, OSX is an operating system on mac computers. This worms attacks unauthorized hacked cellphones. Clearly who should be able to see the difference.
I was making an ironic joke one, two, what is they call the iphone os? OS X iPhone!!!! DING DING DING
Really? Can you name a virus that runs on OS X? Also, how is it possible that you appear to have read this article, and yet you still don't understand that in order for this worm to work you have to jailbreak your iPhone? And install SSH? And leave the password as default?
In what way is Apple responsible for people jailbreaking their phones and installing SSH without changing the default password? This worm, like any other type of trojan, depends on the user's stupidity rather than being able to simply infect the phone on its own. It's not like it has to crack anything, it simply tries the default SSH password. If you change the password, you completely prevent anything bad from happening.
Seriously, buy a clue please.
I know i know, i read it and i know about it, i have made sure to prevent it from being an issue on any of the iPhones i have jailbroken(none of them mine). i also know its not Apples fault. i was making a joke because this issue keeps creepin up.
Don't get me started on why there are so few viruses for OSX.
Oh no, please get started on the viruses. Let me get you started, in fact.
Fact #1: There are zero viruses for OS X. ZERO. Not "some". Not "few".
Z-E-R-O. NONE. NADA. ZILCH.
Fact #2: Market share has nothing to do with that. Why? Because people have been offered $10,000 to hack into a Mac remotely and nobody could do it. Not "a few people", not "some people". NOBODY.
Fact #3: OS X has been out for almost 9 years. NINE. Do you really think the fact that there are ZERO viruses for OS X after NINE YEARS has anything to do with market share? Because if you do, I have a bridge to sell you. You seem like the gullible type.
Fact #4: There is no shortage of people around the world who would love to be the first person to create a working virus for OS X, just to shove it in Steve Jobs' face. Make no mistake here, putting a working virus out for OS X is a hacker's holy grail.
Fact #5: OS X ships with all ports closed by default and root access is not enabled. This is the main reason OS X and other various flavors of unix are so difficult if not impossible to write working viruses for. How does a virus get root access if root isn't enabled? You answer that, and you're obviously smarter than every other hacker who's tried to write a working virus for OS X.
Honestly, theres this neat new tool i found called google, funny play on the number eh?
Results 1 - 10 of about 9,610,000 for windows viruses. (0.29 seconds)
Results 1 - 10 of about 9,220,000 for mac viruses. (0.34 seconds)
now let me get back to what i was doing, please and thank you.
Fact 2 huh?
http://www.macworld.com/article/132733/2008/03/hack.html
There might not be any viruses for Mac OSX, but there are definately trojans. IWorkTrojan and Adobe CS4 Trojan to name 2 of the popular ones.
The main reason of mac osx is because of market share. it's not worth the time and effort to hack unix for the small amount of market share.
Yes, Mac OSX uses Unix, which is relatively safer than Windows, but NOTHING is unhackable.
LOL. Are you trying to prove that you're a dumbass? No, here's a novel idea: NAME an OS X Virus. Just one. Go ahead, see if you can do it. Oh, and make sure you know the difference between a virus and a trojan too. Lots of nubs get those confused.
Seriously, you think a Google link to anything that matches the words "mac" and "virus" somehow means there are viruses for OS X? Did you even look at the links that came up when you did that search? Did you see the ones that said "Why there are no viruses for Mac"?
I mean, seriously. LOL.
@t3trisnoob: Oh god, somebody else who doesn't know how to read. Why do I have to explain this every single time? That Mac was not HACKED. The only reason the "hacker" was able to exploit that vulnerability in Safari was specifically because on day 2 of that contest, they relaxed the rules and gave all the "hackers" LOCAL ADMIN ACCESS.
I'll say that again: The hackers had LOCAL ADMIN ACCESS. It means that their "hack" was only able to take effect after somebody that was physically sitting in front of the Mac entered the admin password. TWICE.
Do you call that hacking? If I give you my admin password and you sit in front of my Mac and enter it, is that a hack? No. Obviously. What people like you who link to that article fail to realize is that day one of that contest was for the hackers to get into the computers remotely. None of them could do it. NONE OF THEM. That is why this "hack" didn't happen until day TWO. You know, when they were given LOCAL ADMIN ACCESS.
Which is why I said nobody has been able to hack into OS X yet. Because nobody HAS.
Go read it again, he was able to disguise websites as trojans to do malicious work. it's just like how the original iPhone jailbreak was, a TIFF exploit that broke down the security. Anybody could go to a website, either by phishing or accident. Websites with malicious code does not count as admin access.
I'll give the fact that none of the machines were able to get into by brute force through local line, which is true, but that means that both Unix and Windows have decent security around them.
The key thing is, most mac users are not computer savvy, who bought their computers because they believe they can't have "viruses". To the average end user, there is no difference between viruses, trojans, and worms, as they're all malicious programs effecting computers. With simple website exploits breaking down the barriers of a mac, the security and reliability for most mac users are compromised.
Those who know what they're doing won't ever get an infection, no matter what machine they're on, and those who don't know will get some kind of infection no matter what preventive measures are taken.
Dude. Neither phishing nor "by accident" counts as HACKING. Yes, there was a hole in Safari that Apple patched two days after the contest. No, nobody was able to exploit that hole until they were given LOCAL ADMIN ACCESS. Capice? The entire point is that the only way to exploit that hole was for somebody to physically click on a link or to manually navigate to a site. That means it was social engineering. Not a virus, and not a hack.
And while your post is well reasoned, it doesn't contradict anything I said. There are no viruses for OS X. Nobody has been able to hack OS X. The only possible way right now for anything bad to happen to a Mac is specifically by phishing or a trojan, both of which require user interaction, and both of which will work on ANY OTHER SYSTEM, including Unix, Linux, and Windows. Nobody is claiming Macs are immune to things that users enable. No computer or operating system is immune to that.
There are no viruses for the Mac because nobody has been able to make one run on its own without being given permission from the end user. That's the point.
I see. I guess I'm using the term "hacking" and "viruses" loosely like regular end users would use. My mistake. I assume from your first post as those loose definitions. If you specifically mean breaking down then that's almost impossible (as of right now) due to the structure of unix. However, it's not just Mac OSX as anything w/ a unix core has the same protection. In the end, it's not "Mac OSX" that has powerful protection agaisnt hacking, but Unix that has the protection.
Damn, and here's me without my tin hat today...
Again. Why jailbreak it? When I had my first iPhone brought in from the USA I had to jailbreak and hack the s''' out of it. Couldn't update and so on. My 3GS not jailbroken is pure sex. Loads of apps and fast as hell. Oh, and I can update it whenever I want to. It's awesome.
"Why jailbreak it?"
SBSettings for one. It allows you to enable/disable Wi-Fi, 3G, Bluetooth (and much more) with ease from within any app. You can even use it to adjust the display brightness. Gone is the tedium of opening up Settings just to enable Wi-Fi.
@Jack Your comment reminds me of the movie "Thank you for Smoking" where the spokesman says they want smokers to live so they can keep selling more cigarettes. http://www.youtube.com/watch?v=MQhPS2jIHt0
HAHAHA you should never jailbreak it in the first place. lool
All of these misinformed comments on here about this worm are going to prove to be bad publicity for Apple regardless of the fact that the worm can only infect your device if jailbroken and has SSH installed with the default password. Someone watching this on the news is only going to hear "MALICIOUS WORM HACKS INTO IPHONE'S EVERYWHERE AND STEALS BANKING INFORMATION!!".
TERRORISM!
However silly, I think it'd be entertaining to see people iPods and iPhones with malware on them.
@Mr Smiley
After one of the earlier hacks, Jay Freeman (aka Saurik, aka the creator of Cydia) posted about that on Twitter:
"I actually wanted Cydia to enforce changing passwords over a year ago, and I got massively frowned at by the user community. :("
Pffff....Stop spreading that sh*t, Apple, otherwise some "mean" hacker from Russia, will hack your mail, like with the climate scientists assholes, and you'll get exposed !!!
@Jack
So Apple can continue to make money through the App Store, and not getting their revenue stolen by Installous.
i know a real simple fix to this problem: don't jailbreak your iphone unless you actually know what you are doing. i know it's tempting to get free apps but it is ILLEGAL!