


Jailbroken iPhone users with SSH and a default password are the target

The iPhone is one of the most popular smartphones on the market. By most accounts, the iPhone is the most likely of all smartphones to be used on the internet to access files on the go. There are also a growing number of iPhone users who are jailbreaking the devices to run software not authorized by Apple or to use the devices on other carrier networks.

Over the last few weeks, a worm targeted specifically at iPhones which are jailbroken and have SSH installed with the default password was found. The original worm was nothing more than an irritation and would change the background image of the iPhone to a picture of washed up pop star Rick Astley. Embarrassing for sure, but hardly what most would consider malicious.

A similar worm targeting jailbroken iPhones with SSH and the default password -- alpine -- is making its rounds in the Netherlands. The new worm differs from the first in that it is clearly malicious and its maker has a financial motive. BBC News reports that security firm F-Secure discovered the worm and that it targets users of Dutch online bank ING. The worm infects the iPhone and redirects the user to a fake login page.

Mikko Hypponen from F-Secure told BBC News, "It's the second iPhone worm ever and the first that's clearly malicious - there's a clear financial motive behind it."

At least for now, the worm is limited to the Netherlands. However, the security firm points out that the worm could spread to more countries. The number of iPhones thought to be infected is only in the hundreds. The worm is capable of spreading itself to other vulnerable iPhones that are connected to the same hotspot. A representative from ING told BBC News that it has alerted call center personnel and that an official message would be placed on the ING bank website.




Wait a cotton pickin minute....
By Cheesew1z69 on 11/23/2009 9:42:51 AM , Rating: 5
I thought Apple products were impenetrable? Oh man.....




RE: Wait a cotton pickin minute....
By AshT on 11/23/09, Rating: -1
RE: Wait a cotton pickin minute....
By Chris Peredun on 11/23/2009 9:50:19 AM , Rating: 5
Microsoft patches pirated copies of Windows.

(Critical updates only, but those are the, well, critical ones.)


RE: Wait a cotton pickin minute....
By AshT on 11/23/09, Rating: 0
RE: Wait a cotton pickin minute....
By AshT on 11/23/2009 9:59:12 AM , Rating: 2
On a side note, iFarm is so damn addictive.


RE: Wait a cotton pickin minute....
By stmok on 11/23/2009 10:17:55 AM , Rating: 2
Microsoft can't protect you if you do dumb things like customise your Windows install with nLite/vLite, and use the Administrator account with an easy to guess OR no password on a regular basis.

Read the article carefully folks...

quote:
iPhones which are jailbroken and have SSH installed with the default password was found.


SSH and the default password...The password is the root password.

"Root" is equivalent to Windows's "System" privileges. Meaning if you gain control of that account, you have total access to that system.

How To: Change Your iPhone’s Default SSH Password
http://www.cultofmac.com/how-to-change-your-iphone...

If you don't use SSH, then disable it.

The situation is no different to people buying home marketed routers/firewalls and not changing the default password.
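
The comment above advises changing the root password or disabling SSH. The following is an added example, not part of the original comment or article, that audits the related exposure: whether an `sshd_config` lets root log in with a password at all. The sample configurations are constructed, and unset keywords are assumed to take the permissive pre-7.0 OpenSSH default.

```python
# Added example: does this sshd_config let root log in with a password?
# Assumption: an unset keyword counts as "yes", the permissive default of
# OpenSSH releases before 7.0 (newer releases default PermitRootLogin to
# prohibit-password).
AUDITED = {"permitrootlogin": "yes", "passwordauthentication": "yes"}

def parse(config_text):
    """Return (global settings, list of per-Match-block settings)."""
    settings, blocks = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if keyword == "match":
            blocks.append({})            # later lines belong to this block
        elif keyword in AUDITED:
            target = blocks[-1] if blocks else settings
            target.setdefault(keyword, value)   # sshd keeps the first value
    for keyword, default in AUDITED.items():
        settings.setdefault(keyword, default)
    return settings, blocks

def root_password_login_possible(config_text):
    settings, blocks = parse(config_text)
    def allows(s):
        return s["permitrootlogin"] == "yes" and s["passwordauthentication"] == "yes"
    # A Match block can re-enable either keyword for some connections.
    return allows(settings) or any(allows({**settings, **b}) for b in blocks)

# Constructed sample configurations (not taken from any real device).
UNCHANGED = "Port 22\n#PermitRootLogin no\nPasswordAuthentication yes\n"
HARDENED = ("PermitRootLogin prohibit-password\nPasswordAuthentication no\n"
            "PermitRootLogin yes\n")   # the later duplicate is ignored by sshd
MATCH_REOPENS = ("PermitRootLogin no\nPasswordAuthentication no\n"
                 "Match Address 192.168.0.0/16\n"
                 "    PermitRootLogin yes\n    PasswordAuthentication yes\n")

if __name__ == "__main__":
    for name in ("UNCHANGED", "HARDENED", "MATCH_REOPENS"):
        print(name, root_password_login_possible(globals()[name]))
```

A `False` result only says password login as root is closed off in the file; it does not show that the default password itself has been changed.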


By nevermore781 on 11/23/2009 2:39:51 PM , Rating: 2
LOL - this whole thing cracks me up. It is indeed the jailbreak/install of SSH through Cydia/lack of instructions during jailbreaking that is causing this and not a failure of Apple. If I am installing something, I usually like to know WHY I am installing it and not just following some blog post on how to do it. This is what happens when the hack becomes so easy that even your standard 'user' can f it up.


RE: Wait a cotton pickin minute....
By michael2k on 11/23/2009 10:58:52 AM , Rating: 2
So does Apple, patch jailbroken iPhones.

People just jailbreak them again, reintroducing the vulnerability.


RE: Wait a cotton pickin minute....
By chick0n on 11/23/09, Rating: -1
RE: Wait a cotton pickin minute....
By michael2k on 11/23/2009 12:23:38 PM , Rating: 2
A default root password with SSH is a vulnerability.

Just like an unlocked door is a vulnerability.


By Alexstarfire on 11/23/2009 11:16:02 PM , Rating: 3
If stupidity is a vulnerability then most of the world is screwed.


By SteveIsMyiConArtist on 11/23/2009 7:28:00 PM , Rating: 2
Let this be a lesson to all the nincompoops who spend a small fortune on iCrap garbage from crApple.
Also, it is obvious who wrote this iPhone Virus/Worm, since certain racist criminal crook$$ are allowed to commit any criminal felony they want to since the law does not apply to certain people.
Keep programming your credit card numbers on your iCrap and giving them to your kids to buy iFart iPhone applications from crApple.


RE: Wait a cotton pickin minute....
By Awax on 11/23/2009 11:16:14 AM , Rating: 2
They do: they regularly release firmware updates that reset jailbroken iPhones, hence removing unsigned applications from them, and that close the security hole used by jailbreaking software.

It is funny how the same hole in the kernel security can be at the same time a must-have for jailbreakers and a security threat when exploited by malware.


RE: Wait a cotton pickin minute....
By Marlonsm on 11/23/2009 11:25:31 AM , Rating: 5
When MS gets a new virus:
"zOMG!!!!111!!!11 M$$$ makes such horrible stuff, their products are so insecure"

When Apple gets a new virus:
"It's the user's fault, of course, Apple has nothing to do with it"

I'm not saying that one company is better, I'm just pointing out the reaction I usually see...


RE: Wait a cotton pickin minute....
By Nacho on 11/23/2009 4:05:24 PM , Rating: 1
In this case Apple has nothing to do with it. The vulnerability is introduced when the user jailbreaks the phone, installs SSH AND leaves the default password.


RE: Wait a cotton pickin minute....
By tjr508 on 11/23/2009 1:32:51 PM , Rating: 2
I don't, but do you remember the foul cries when Apple released an update that didn't support the popular jailbreak?


RE: Wait a cotton pickin minute....
By AshT on 11/24/09, Rating: 0
RE: Wait a cotton pickin minute....
By Spivonious on 11/23/2009 10:09:49 AM , Rating: 5
Security through obscurity doesn't work when you've sold 21 million units.


RE: Wait a cotton pickin minute....
By Awax on 11/23/09, Rating: -1
RE: Wait a cotton pickin minute....
By SiN on 11/23/2009 12:07:24 PM , Rating: 2
I rated you up, but meant to rate you down. No undo button for ratings I guess.

Anyway, as is pointed out before, it is Apple's flawed security that allows jailbreaking and allows the worm to operate. The same way it would be MS's security flaw if the same happened.

So Apple finds itself in MS's position with market saturation of an Operating System which becomes targeted, everyone knew it was coming, and I guess we can all expect more of the same.
Apple still has a malicious worm, that's a matter of fact.

On a side note I quite like Apple products, as I like others. I prefer Android to the iPhone though, I would expect Android to be the next target as soon as it reaches market saturation.


By sprockkets on 11/23/2009 2:46:07 PM , Rating: 1
quote:
Anyway, as is pointed out before, it is Apple's flawed security that allows jailbreaking and allows the worm to operate. The same way it would be MS's security flaw if the same happened.


Should we be angry at Microsoft since they also have that same "flawed" security by allowing users to turn off UAC and allowing stuff to run without system checks?

Oh wait, nevermind, WinMob and Android with its anyone can make self-signed certificates has no security on their devices whatsoever.


RE: Wait a cotton pickin minute....
By SunAngel on 11/23/2009 10:20:59 AM , Rating: 1
So...I guess you were expecting honor amongst hackers. Maybe in a puritan society, but even then expect a little foreplay.


RE: Wait a cotton pickin minute....
By leexgx on 11/23/2009 11:20:42 AM , Rating: 2
If I could rate you down I would. It has nothing to do with Apple software; it's the jailbreak software that makes the problem, which starts SSH and uses a default user name and password. The jailbreaking software just needs updating, that's all, so it does not enable it or at least forces you to change it.


By rippleyaliens on 11/23/2009 11:23:59 AM , Rating: 2
WELL now we have an app for that!!!!
Seriously, it is that time. Being a consumer/customer doesn't= intelligent!!! Nor does a phone from any company = non-hackable..


RE: Wait a cotton pickin minute....
By Tony Swash on 11/23/09, Rating: 0
RE: Wait a cotton pickin minute....
By tjr508 on 11/23/09, Rating: 0
By SteveIsMyiConArtist on 11/23/2009 7:26:29 PM , Rating: 3
Let this be a lesson to all the nincompoops who spend a small fortune on iCrap garbage from crApple.
Also, it is obvious who wrote this iPhone Virus/Worm, since certain racist criminal crook$$ are allowed to commit any criminal felony they want to since the law does not apply to certain people.


By hashish2020 on 11/24/2009 6:01:21 AM , Rating: 2
They aren't. Apple users, on the other hand, are penetrable, but use protection, because they think they can't pick up viruses.


By pickymeek on 11/24/2009 6:49:32 PM , Rating: 2
How many non-jailbroken iPhones are being compromised? I'd be willing to bet it's not that many (if any at all). It's not Apple's fault, it's the idiots that kept the default SSH password that are to blame.


Security through imprisonment is stupid
By AyashiKaibutsu on 11/23/2009 1:51:47 PM , Rating: 3
I could take my computer or phone and bury it 50 feet underground. They'd never get any sort of malicious software; it'd be perfectly "secure". Security through disabling functionality isn't a feature, and anything using such a method shouldn't be touted as having great security. It's actually a terrible way to secure something.




RE: Security through imprisonment is stupid
By Tony Swash on 11/23/2009 3:13:03 PM , Rating: 1
What a silly analogy. Apple created a very secure and stable and complex platform for their phone which allowed it to offer their customers a user experience which has proved hugely popular.

Some of these customers, despite lots of warnings, have chosen to break that secure and stable system (rather than, say, buying a different phone that doesn't have the Apple approach to security) and the result is that their phones get hacked with malicious exploits.

Looks like a case of tough sh*t to me - what the hell did they expect!


RE: Security through imprisonment is stupid
By AyashiKaibutsu on 11/23/2009 3:26:44 PM , Rating: 2
They were idiots given ample warning of the vulnerability. Apple has shown bias in their acceptance of software, and that many people go out of their way to break from their system shows it's not as popular as you think, but more that many just accept it for lack of alternatives (although more options are appearing now).

I'm sure if whenever someone first started their iPhone and got asked if they wanted a secure system that was spoonfed the apps Apple wants them to have or free to install what they want but with vulnerabilities, most people would pick the latter.


By Tony Swash on 11/23/2009 7:15:45 PM , Rating: 2
quote:
I'm sure if whenever someone first started their iPhone and got asked if they wanted a secure system that was spoonfed the apps Apple wants them to have or free to install what they want but with vulnerabilities, most people would pick the latter.


I think you are totally wrong. I think most people (particularly given the widespread experiences with insecure Windows based PCs) want a stable and secure phone and are very happy to have a 100,000 vetted and safe apps to choose from. Every indicator points to the Apple phone model being extremely successful in the market place.

If people want to fiddle about technically with their iPhones, and in the process breaking the security system and opening themselves up to hacks and attacks, then they can - I think they are being silly but it's their phones. Why should Apple help them?


By tjr508 on 11/23/2009 9:25:44 PM , Rating: 2
quote:
Security through disabling functionality isn't a feature


It's more of a law than anything. There is definitely a relationship between the two.


Question
By Digimonkey on 11/23/2009 10:58:18 AM , Rating: 2
Why is there a user account with a default password available via ssh? That's the dumbest thing I've heard.




RE: Question
By michael2k on 11/23/2009 11:00:52 AM , Rating: 2
It's only there if you jailbreak your phone.

Stock phones have no user account with default password, nor ssh.


RE: Question
By Bateluer on 11/23/2009 11:50:38 AM , Rating: 2
Apple customers don't want SSH, per Steve Jobs.


RE: Question
By SavagePotato on 11/23/2009 6:30:03 PM , Rating: 2
99.95% of Apple customers probably don't know what SSH is.


No sympathy
By Bateluer on 11/23/2009 10:20:11 AM , Rating: 2
We saw only a week ago how these worms spread and the fix to stop the worm in its tracks was easy to do. Change the root password and/or disable SSH if it's not needed.

For those that didn't bother or didn't pay attention, I have no sympathy.




RE: No sympathy
By PrinceGaz on 11/23/2009 2:16:09 PM , Rating: 2
I agree. I suppose the problem is that I suspect a lot more non-techy users decided to jailbreak after they heard about how easy it was to run blackra1n.

Whilst blackra1n does not itself install SSH, an awful lot of sites published guides which listed steps to perform after having run blackra1n to make the most of it, which usually included installing OpenSSH through Cydia, without really explaining why you would want to, or what it does, and not mentioning the security risk it poses. If anything, those sites which published such guides without security advice are as much to blame as the user who didn't know what they were doing.


Hello!!?!
By dajeepster on 11/23/2009 12:10:05 PM , Rating: 2
Everyone knows worms like apples.

:D




You got...
By acase on 11/23/2009 1:59:44 PM , Rating: 2
iRickRolled!




By cruisin3style on 11/23/2009 10:23:23 PM , Rating: 2
If you are going to feature a quote in your article, please do not include what the quote says, almost verbatim, in your own writing within the article.




By allstar on 11/24/2009 2:23:54 AM , Rating: 2
Now AT&T can say they have access to over 100,000 apps...and 2 viruses.




By SteveIsMyiConArtist on 11/23/2009 7:25:22 PM , Rating: 1
Let this be a lesson to all the nincompoops who spend a small fortune on iCrap garbage from crApple.
Also, it is obvious who wrote this iPhone Virus/Worm, since certain racist criminal crook$$ are allowed to commit any criminal felony they want to since the law does not apply to certain people.



