backtop


Print 21 comment(s) - last by PrinceGaz.. on Nov 9 at 6:55 PM


Owners of jailbroken iPhones who haven't changed their passwords have been rickrolled by a new worm.  (Source: Sophos)
Worm is first known iPhone worm, originated in Australia, may be spreading overseas

Rick Astley, an English singer-songwriter and musician, first became famous for his 1987 hit "Never Gonna Give You Up".  The music industry in the 1990s gave up on Astley, but Astley didn't give up on it.  He managed to recapture attention in 2007 thanks to one of the most infamous viral video crazes.  Links popped up all around the internet to Astley's hit and the term "rickrolling", originally referring to tricking people into watching the video, became a common colloquialism.

Now an internet worm is achieving what Apple has been unable to do -- punish those with jailbroken iPhones (phones freed of Apple's app restrictions).  Sophos, a leading security firm, appears to be the first to have investigated the amusing virus.  The virus, which "rickrolls" users, changing their wallpaper to an image of Rick Astley.  It appears to do little else other than spreading to other jailbroken iPhones in the user's contact list.

The worm can infect any jailbroken iPhone with SSH installed and an unchanged default password.  The password on jailbroken iPhones defaults to "alpine".  Users can change this by installing the MobileTerminal app, available from the Cydia undergound app store, and typing the command passwd.

While the Rick Astley worm appears to be mostly confined to Australia at this point, European iPhone users with jailbroken phones received a similar surprise last week.  A Dutch hacker sent numerous users with jailbroken iPhones a message, demanding they pay him 5 euros.  Like the Astley virus, the hacker took advantage of the fact that many users have jailbroken iPhones with unchanged passwords.  A "trivial" port discovery and login via the SSH protocol later, the hacker was able to post his ransom demand.

The hacker has since recanted and stopped asking people for Paypal payments, and has now posted free instructions of how to protect jailbroken iPhones.  While these incidents may have been mere annoyances, its seems only a matter of time before an actual malicious virus is unleashed on the jailbroken iPhone community.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Aaaand
By Alexstarfire on 11/9/2009 5:31:11 PM , Rating: 0
Actually, it doesn't prove that closed systems are safer. That's just false logic right there. All it proves is that users who don't know any better are going to have problems no matter the platform if they can do what they want. A closed platform isn't necessarily more secure just because it locks users out of third party programs.

Of course, since this "worm" only works by logging in with a default password I'd just say that it's not even a worm and that people are just stupid. It's like having your username and password for the admin account on a sticky note next to the computer. The program is doing exactly what it's supposed to do so it's down to the users. Doesn't matter how well the program was designed in this case since it's not exploiting a hole, except for the fact that jailbroken iPhones all have the same default password for some reason. Not sure why they don't just make you enter a password when the phone gets jailbroken.


"If you mod me down, I will become more insightful than you can possibly imagine." -- Slashdot














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki