First iPhone Worm Discovered, Rickrolls Jailbroken Phones

Unexpof writes "Users of jailbroken iPhones in Australia are reporting that their wallpapers have been changed by a worm to an image of '80s pop icon Rick Astley. This is the first time a worm has been reported in the wild for the Apple iPhone. According to a report by Sophos, the worm, which exploits users who have installed SSH and not changed the default password, hunts for other vulnerable iPhones and infects them. Users are advised to properly secure their jailbroken iPhones with a non-default password, and Sophos says the worm is not harmless, despite its graffiti-like payload: 'Accessing someone else's computing device and changing their data without permission is an offense in many countries — and just as with graffiti there is a cost involved in cleaning-up affected iPhones. ... Other inquisitive hackers may also be tempted to experiment once they read about the world's first iPhone worm. Furthermore, a more malicious hacker could take the code written by ikee and adapt it to have a more sinister payload.'"

Summary: it affects ignorant fools

[Nimey]

FFS, why is there even a default password on sshd for the jailbroken phones? It should default to being disabled and then require you enter your own password when it's enabled.

Narrow Band detector

[MasterOfGoingFaster]

So this worm is aimed at people are are smart enough to jailbreak an iPhone, but stupid enough not to change a default password. Sounds like a narrow band detection device.

Re:So...

[bjackson1]

Yeah, it's the same kind of thing as Windows... Like if a user installed a remote management protocol, then left the default password on it, and then wondered why they got hacked so easily...

Not to mention this is NOT apple's software, or anything that apple sanctioned on their phone. It is from hacked phones. Sadly, this will do nothing but make Apple more sure that they should not open up the iPhone platform more.

Re:Summary: it affects ignorant fools

[99BottlesOfBeerInMyF]

...why is there even a default password on sshd for the jailbroken phones?

Probably because the people writing an SSH client for a hacked version of a cell phone have little or no incentive to spend time working on details like requiring the user to input a password when the client is installed. Look if you're going to jailbreak your cellphone and start adding network services like SSH, with very limited user types, you should probably have a clue what you're doing in the first place. I put this right up there with people running Apache on their home Windows XP machine and getting compromised when they don't update it regularly.

arguably Apple share the blame

[CdBee]

the attempts Apple makes to maintain control of devices they have sold are not dissimilar to the fanaticism shown by some of the more unbalanced elements of the user-base. Beyond the pale.

If their selling strategy for the iPhone was more in line with their competitors, and it could be bought unlocked / without lockdowns on application installation, off-the-shelf as most rivals can, we probably wouldnt need the jailbreaking scene and nor would the virus be spreading this way.

Re:SSH

[dingen]

Encryption isn't very useful if everyone uses the same key.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Not Apple though

[SuperKendall]

The vulnerability does not happen on any iPhone coming directly from Apple. It's only devices that are jailbroken, then only devices that have sshd installed, and then only devices where those users left the default password in place because, hey - who is going to scan for an iPhone in a coffee shop?

I agree generally with your point about a monoculture, but this is not it. It's a stupid default on a security tool shipped by a third party, that a smaller percentage of users will have (though the last I head the jailbroken iPhone population was north of a million so it's still significant).

Re:What does this mean exactly? how to fix?

[tgd]

And on top of that, leave it running.

SBSettings, folks. Turn it on when you need it. If you're not using it, why leave it on even if you have changed the password?

Re:arguably Apple share the blame

[mat128]

This isn't OpenSSH developers' problem. The jailbreaking utility should prompt you to change your root password. SSH is only allowing you to remotely log on the device, in the end if your password is weak/default, you shouldn't run an SSH server.

Re:arguably Apple share the blame

[onefriedrice]

And I agree with stillpixel. I wouldn't be shocked if Apple themselves had a hand in this.

Oh brother. Apple doesn't care what you do with the iPhone, but they do have to close the holes that enable jailbreaking because they're security holes through which Something Bad could go to Do Something Bad. It's one thing to say that Apple is actively against jailbreaking and otherwise doing whatever you want with the phone (a popular and ridiculous notion often bandied about here), but it's quite another thing to realize that they don't care all that much but still have to close the holes. Thinking that Apple someone had a hand in creating this "worm" for jailbroken iPhones is not only considerably misguided (and unfounded), it's utterly moronic.

Re:arguably Apple share the blame

[DavidTC]

Except there's no into the command line except SSH, and hence no way to change the password.

'First run' behavior is pretty meaningless when it's a daemon process installed from an interface that doesn't allow it to prompt.

Re:DEFAULT PASSWORD?

[UnknowingFool]

For this exploit to occur 3 things must happen:

1. Consumer must jailbreak phone.
2. Consumer must install SSH.
3. Consumer must not reset root password.

You typical "ooooh shiny" mass-market Apple consumer generally does not do #1 above much less the two other things.

Re:So...

[secolactico]

Cellular phone + RTFM or it will get broke into = _serious_ usability flaw

Yes, but what makes you think jailbreaking apps writers are interested in usability? It seems to me that if you are taking a device and making it perform outside its manufacturer-specified parameters, you are taking that responsibility upon yourself. If you are using your own tools or something provided by a third party is irrelevant.

How is this worse (responsibility-wise) than having a phone bricked because of a botched jailbreaking attempt?

I'm not writing off the users as stupid, but they are certainly not blameless.

Re:arguably Apple share the blame

[bhartman34]

Apple doesn't care what you do with the iPhone, but they do have to close the holes that enable jailbreaking because they're security holes through which Something Bad could go to Do Something Bad.

Apple absolutely does care what you do with the iPhone. That's why they've updated the ROM [iphonehacks.com] in newer 3Gs models to prevent jailbreaking.

If Apple was okay with jailbreaking, and just interested in closing security holes, they would work on those holes, rather than on preventing jailbreaking altogether. (In fact, that's exactly what Palm does do. One of the first methods to install apps on a Pre was to e-mail yourself a link to an application. Palm (rightfully) closed that hole, but left intact the ability to root a Pre.

And I agree with stillpixel. I wouldn't be shocked if Apple themselves had a hand in this.

Thinking that Apple someone had a hand in creating this "worm" for jailbroken iPhones is not only considerably misguided (and unfounded), it's utterly moronic.

I didn't say I believe that Apple had a hand in it. I said I wouldn't be shocked if they did. They've got a vested interest in keeping people from jailbreaking, and this kind of thing (especially because it's relatively innocuous) fits the bill.

Re:arguably Apple share the blame

[Anonymous Coward]

'First run' behavior is pretty meaningless when it's a daemon process installed from an interface that doesn't allow it to prompt.

You mean, There isn't an app for that?