First Malicious iPhone Worm In the Wild

An anonymous reader writes "After the ikee worm that displayed a picture of Rick Astley on jailbroken iPhones, the first malicious iPhone worm (Google translation; original, in Dutch) has now been discovered in the wild. Internet provider XS4ALL in the Netherlands encountered several such devices (link in Dutch) on the wireless networks of their customers and put out a warning. After obtaining a copy of the malware it was discovered that the jailbroken phones, which are exploited through OpenSSH with a default password, scan IP ranges of mobile internet providers for other vulnerable iPhones, phone home to a C&C botnet server, are able to update themselves with additional malware and have the ability to dump the SMS database as well. Owners of a jailbroken iPhone with a default root password are advised to flash to the latest Apple firmware in order to ensure no malware is present."
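Added example, not part of the original submission or of any provider's tooling: the scanning behaviour described in the summary is visible from the network side as one source opening SSH connections to many distinct addresses in a short time. The flow records, the window and the threshold below are constructed assumptions for illustration.

```python
from collections import defaultdict, deque

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, dst_port).
# 10.0.0.23 sweeps 40 addresses on TCP/22; 10.0.0.5 uses SSH normally.
SAMPLE_FLOWS = (
    [(1000 + i, "10.0.0.23", f"192.0.2.{i + 1}", 22) for i in range(40)]
    + [
        (1005, "10.0.0.5", "198.51.100.7", 22),
        (1300, "10.0.0.5", "198.51.100.8", 22),
        (1010, "10.0.0.23", "203.0.113.9", 443),  # not SSH, ignored
    ]
)


def find_ssh_scanners(flows, window=60, threshold=20, port=22):
    """Return {src_ip: peak} for sources that contacted at least `threshold`
    distinct destinations on `port` within any `window`-second span.
    `peak` is the largest distinct-destination count seen in one window."""
    recent = defaultdict(deque)                      # src -> (ts, dst) in window
    in_window = defaultdict(lambda: defaultdict(int))  # src -> dst -> hits
    peak = defaultdict(int)

    for ts, src, dst, dport in sorted(flows):
        if dport != port:
            continue
        queue = recent[src]
        queue.append((ts, dst))
        in_window[src][dst] += 1

        # Drop flows that have aged out of the sliding window.
        while queue and queue[0][0] <= ts - window:
            _, old_dst = queue.popleft()
            in_window[src][old_dst] -= 1
            if in_window[src][old_dst] == 0:
                del in_window[src][old_dst]

        peak[src] = max(peak[src], len(in_window[src]))

    return {src: n for src, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in find_ssh_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {n} distinct SSH destinations within 60s")
```
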
  • hmmm. passwd (Score:4, Insightful)

    by epilido ( 959870 ) * on Saturday November 21, 2009 @04:42PM (#30187568)

    how about changing the default password............

  • Excessive? (Score:5, Insightful)

    by ickleberry ( 864871 ) <web@pineapple.vg> on Saturday November 21, 2009 @04:42PM (#30187574) Homepage

    Owners of a jailbroken iPhone with a default root password are advised to flash to the latest Apple firmware in order to ensure no malware is present.

    That seems a bit excessive when a simple one-time usage of the included "passwd" utility will suffice. Srsly though, jailbreaking utilities should be pestering users to change their password from the default because this is only scaring less-knowledgeable folk into thinking Jailbreak == viruses

  • by harmonise ( 1484057 ) on Saturday November 21, 2009 @04:47PM (#30187632)

    Why is SSH being installed with a default password left in place? Talk about asking for trouble.

  • Re:ROFL (Score:4, Insightful)

    by nurb432 ( 527695 ) on Saturday November 21, 2009 @04:48PM (#30187642) Homepage Journal

    Odd, the story called it a WORM.. which it is.

  • Re:Excessive? (Score:4, Insightful)

    by maccodemonkey ( 1438585 ) on Saturday November 21, 2009 @04:53PM (#30187700)
    Unless you are already infected and you don't know it, then changing the password does nothing.
  • Abstraction (Score:5, Insightful)

    by gmuslera ( 3436 ) on Saturday November 21, 2009 @05:02PM (#30187790) Homepage Journal
    You just do this and that happens. As in "you run this and your phone gets even more awesome" or "you'll shut down your firewall to be able to get movies on your PC" or things like that. But you don't have to understand what you are really doing, or all that it implies. People are getting powerful things, and like children are irresponsible about what could happen because of their actions, because they don't understand them.

    It seems plainly clear to us that having a common, default admin password on all the jailbroken devices is a very bad policy, but how many times could we have fallen into a similar situation where we are the ones who don't fully understand what we are using, i.e. in other areas?

    To make things worse, we complain a lot about products that take the "safest" choice for us, not giving enough control/customization to the final (knowing enough?) user, making those unpopular and so not taken even by the people that don't know (or don't want to know).
  • by Fahrvergnuugen ( 700293 ) on Saturday November 21, 2009 @05:12PM (#30187864) Homepage
    Because a lot of people who use these jailbreak tools have no idea what they are doing.
  • Re:Excessive? (Score:1, Insightful)

    by Anonymous Coward on Saturday November 21, 2009 @05:12PM (#30187870)

    Owners of a jailbroken iPhone with a default root password are advised to flash to the latest Apple firmware in order to ensure that their phone is bricked and completely unusable

    Fixed the article

  • Re:Excessive? (Score:4, Insightful)

    by TJamieson ( 218336 ) on Saturday November 21, 2009 @05:27PM (#30188004)

    Isn't it also interesting that the fix is to, basically, un-jailbreak as soon as possible. If I were more of a conspiracy theorist, I would think Apple might have an interest in showing just how "bad" jailbreaking can be. Apple: See, if you jailbreak, you'll get a special phone worm!

  • by BlueBoxSW.com ( 745855 ) on Saturday November 21, 2009 @05:37PM (#30188092) Homepage

    So Apple has been working hard to keep jailbreaking down to a minimum. Now it is discovered that some jailbroken phones with jailbroken apps have security issues.

    How is someone going to now turn this around and blame Apple?

  • Re:Oh, Dutch... (Score:3, Insightful)

    by dingen ( 958134 ) on Saturday November 21, 2009 @06:25PM (#30188506)

    gejailbreakte
    I love it.

    Sadly, the language is full of these sorts of things nowadays... give it another decade and Dutch will be fully understandable for people who speak English.

  • by marcansoft ( 727665 ) <hector AT marcansoft DOT com> on Saturday November 21, 2009 @06:46PM (#30188690) Homepage

    The default install doesn't come with OpenSSH anyway. If you deliberately install OpenSSH (to access your stuff using WiFi, which is why most people do) and fail to change your password (which should be blatantly obvious, since it's what you'll be using to access the phone over WiFi), well, shame on you. If you can't deduce that anyone can access your phone remotely just as well as you can, you shouldn't be doing these things.

    Really, a good part of the blame is probably on tutorials and guides out there that tell you to install OpenSSH and don't mention changing your password (or don't mention it in bold/red enough text). Smart people change their password, and dumb people don't go messing with a weirdly-named package that isn't listed under the "user-friendly GUI stuff" categories. It takes a poorly-written tutorial to bridge the gap.

    FWIW, the default passwords are already there on Apple's OS. Jailbreaking by itself doesn't make the phone any less secure because it only lets you install unsigned apps. It's installing OpenSSH that suddenly turns the default passwords into a huge security hole. If OpenSSH were hypothetically available on the App store, the issue would still be present.
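Added example, not part of the comment above or of any jailbreak tool: a check for the condition that comment describes, an OpenSSH server that still lets root log in with a password. The sample configurations are constructed, and treating an unset keyword as "yes" is a conservative assumption (it matches older OpenSSH releases; newer ones default PermitRootLogin to prohibit-password).

```python
# Assumed value for a keyword the file never sets (conservative: "yes").
ASSUMED_DEFAULTS = {"permitrootlogin": "yes", "passwordauthentication": "yes"}

# Constructed samples, not taken from a real device.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
"""

HARDENED_CONFIG = """\
PermitRootLogin prohibit-password
PasswordAuthentication no
PermitRootLogin yes   # ignored: sshd uses the first value it obtains
"""


def effective_sshd_settings(config_text, defaults=ASSUMED_DEFAULTS):
    """Resolve the global-section values of the keywords in `defaults`.
    Keywords are case-insensitive and the first occurrence wins; parsing
    stops at the first Match block, which only applies conditionally."""
    settings = dict(defaults)
    seen = set()
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"').lower()
        if key == "match":
            break
        if key in settings and key not in seen:
            settings[key] = value
            seen.add(key)
    return settings


def root_password_login_exposed(config_text):
    """True when root may authenticate with a password. Only these two
    keywords are checked; keyboard-interactive/PAM settings are not."""
    s = effective_sshd_settings(config_text)
    return s["permitrootlogin"] == "yes" and s["passwordauthentication"] == "yes"


if __name__ == "__main__":
    print("weak:", root_password_login_exposed(WEAK_CONFIG))
    print("hardened:", root_password_login_exposed(HARDENED_CONFIG))
```
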

  • Re:Excessive? (Score:4, Insightful)

    by ickleberry ( 864871 ) <web@pineapple.vg> on Saturday November 21, 2009 @07:00PM (#30188834) Homepage
    No reason ordinary folk shouldn't be allowed to enjoy the benefits of an un-crippled, unrestricted phone. Jailbreaking utilities really should prompt the user for a new root password before they can continue, so there would be no point in even writing these worms.
  • Re:ROFL (Score:2, Insightful)

    by ourcraft ( 874165 ) on Saturday November 21, 2009 @08:36PM (#30189572)
    Booth stopped rotting a long time ago. As such he no longer stinks. Not stinking is hardly enough to be called a patriot. I can think of nothing else to recommend him.
  • Re:Excessive? (Score:5, Insightful)

    by Rexdude ( 747457 ) on Sunday November 22, 2009 @01:55PM (#30194862)

    No reason ordinary folk shouldn't be allowed to enjoy the benefits of an un-crippled, unrestricted phone.

    If having an unrestricted device is so important to them, why buy an iPhone at all?
    Every other smartphone lets you use the network provider you want, or install the apps you want from anywhere.
