
A hacker going by the name ikee has created a virus that attacks Jailbroken iPhones, replacing their background with a picture of Rick Astley, thereby RickRolling anyone who is affected. As hilarious as it is easy to prevent, the worm still highlights a security issue that we touched on last week. Not all Jailbroken iPhones are vulnerable to the worm, and owners of those that are can easily prevent it from getting a toehold on their phone.
The worm is a simple one that uses the SSH protocol, a secure file-transfer method, to log on to your iPhone and change the background. SSH is not installed by default with most Jailbreak methods; however, it can be automatically installed by many popular Jailbreak apps, so you could have it on your iPhone and enabled without even knowing it.
The problem stems from the fact that once SSH is installed, it immediately becomes active, and all iPhones by default have the same master password for SSH. This means that anyone who can find your iPhone’s IP address can log on to your iPhone and change files. Now if they had to find your IP manually and do it themselves, this would not really make for much of a worm. But this particular worm was designed to automatically scan for IP addresses of the carrier Vodafone (AKA Optus/Telstra) in Australia, where the worm originated, then infect those phones automatically. The worm then begins searching from that iPhone for others that are vulnerable and infects them. So on and so forth.
It hasn’t been confirmed that the worm has spread beyond Australia, but if some slight modifications were made to adjust the IP ranges to AT&T’s for example, this could spread like wildfire throughout the US.
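The propagation described above, an infected handset sweeping address ranges for other phones with SSH open, shows up on a network as one source contacting many distinct hosts on port 22 within a short time. The Python detector below is an added example, not part of the original article; the flow-record format, window, threshold and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

SSH_PORT = 22
WINDOW_SECONDS = 60     # assumed sliding window
FANOUT_THRESHOLD = 5    # assumed: distinct SSH destinations allowed per window

# Constructed flow records: (epoch seconds, source IP, destination IP, dest port).
# All addresses come from documentation ranges (RFC 5737), not real carrier space.
SAMPLE_FLOWS = (
    # handset sweeping a subnet for SSH: 6 distinct hosts in 10 seconds
    [(1000 + 2 * i, "192.0.2.10", f"198.51.100.{i + 1}", 22) for i in range(6)]
    # admin reconnecting to one server: many flows, a single destination
    + [(1000 + 5 * i, "192.0.2.20", "203.0.113.5", 22) for i in range(8)]
    # slow legitimate use: 5 distinct hosts, but 10 minutes apart
    + [(1000 + 600 * i, "192.0.2.30", f"198.51.100.{i + 50}", 22) for i in range(5)]
    # web browsing: many hosts, but not port 22
    + [(1000 + i, "192.0.2.40", f"203.0.113.{i + 10}", 443) for i in range(10)]
)


def find_ssh_scanners(flows, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {source_ip: timestamp} for each source that contacted at least
    `threshold` distinct hosts on port 22 within `window` seconds.
    The timestamp is the moment the threshold was first reached."""
    recent = defaultdict(deque)  # source -> (ts, dst) pairs still inside the window
    flagged = {}
    for ts, src, dst, dport in sorted(flows):
        if dport != SSH_PORT:
            continue
        seen = recent[src]
        seen.append((ts, dst))
        # Drop connections that have aged out of the sliding window.
        while seen and ts - seen[0][0] > window:
            seen.popleft()
        # Count distinct destinations so repeated logins to one host do not trip it.
        if src not in flagged and len({d for _, d in seen}) >= threshold:
            flagged[src] = ts
    return flagged


if __name__ == "__main__":
    for src, ts in find_ssh_scanners(SAMPLE_FLOWS).items():
        print(f"{src} reached SSH fan-out threshold at t={ts}")
```

Counting distinct destinations rather than raw connections keeps a user who logs in repeatedly to a single server from being flagged.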
When asked why he created the worm, hacker ikee made this statement:
First I was curious to how far something like this would actually spread, I think what most people were unaware of is the fact it IS a worm and every phone that got infected with it was spreading it (I initially only infected 3 phones when I woke up I checked Google and found out a fair few people were hit with it)…Secondly I was quite amazed by the number of people who didn’t RTFM and change their default passwords.
In fact, all most people have to do to prevent anything like this from ever happening to them is to change their default password for SSH. It’s a simple procedure that I wrote a tutorial for this morning. If you haven’t done it already, please do so now.
I could never really agree with anyone that modifies another person’s device without permission, but in some ways he did the community a bit of a service, because many Jailbreakers don’t even take the simple precaution of changing the default SSH password on their iPhones. In fact, most people aren’t even aware that they have SSH installed, much less that it has a password. At the very least, this worm is helping to raise awareness of this simple security fix.











