
Worm rickrolls unsecured jailbroken iPhones via SSH

For the last few days, some jailbroken iPhone users have found their home screen background a little different than they remembered. A hacker, going by the name "ikee," created a worm that changes the home screen background on jailbroken iPhones whose owners failed to change the default password after installing SSH. Simply jailbreaking your iPhone will not make you vulnerable to this sort of hack. The iPhone OS, in general, is also immune to this hack. Still confused? Let's back up a bit.

On jailbroken iPhones, SSH is installable with a package from Cydia that allows you to connect to your phone and make changes to the filesystem. It does this by logging into the root user with the password "alpine." After installing SSH, it is always recommended that you change "alpine" to the password of your choosing. This hack can only affect people who chose not to change that password -- no one else.

This hack originated in Australia, the home country of ikee, and has possibly spread to other iPhones in other countries, but we've been unable to verify that. A gentleman by the name of JD held an interview with the hacker over IRC and posted it to his blog. In ikee's own words, here's how the worm has spread:
...The code itself is set to firstly scan the 3G IP range the phone is on, then Optus/Vodafone/Telstra's IP Ranges (I think the reason Optus got hit so hard is because the other 2 are NAT'd) then a random 20 IP ranges. I'm guessing a few phones hit a range that another vulnerable phone was on.

Basically, once your phone is infected, the worm starts looking for other iPhones on the cellular network that use the root:alpine combination. Once it finds another vulnerable iPhone, it installs itself and begins the process again... and again... and again.

Luckily for the jailbreakers in the audience who may have been affected, there's really no harm done -- at least not with this version of the worm. According to the hacker, this was more of an experiment than anything else. The worm changes your background and then disables inbound SSH, which is a good thing. If SSH were left turned on, a similar worm could follow along and conceivably do much more damage. For instructions on how to delete this worm, read JD's interview with ikee. I would recommend reading the interview just for the information it presents; I found it pretty interesting. If you've got a jailbroken iPhone or iPod touch and you've never changed the default device password, now's the time. Here's how, if you are using Terminal:

Type: ssh root@(iPhone IP address)
When prompted for the password, type: alpine
Now you're connected to the phone...
Type: passwd
It should then prompt you for a new password -- type one that you'll remember. There's no easy way to reset it if you forget it.

That's it. Please remember to be responsibly secure with your devices. Hackers like ikee are troublesome, but this could have been much worse. While I don't personally condone his actions, he's prevented a lot of people from being vulnerable to more malicious attacks later down the road.

Thanks, James!



31 Comments

Daniel

There's a new worm that gets access to your personal data and steals it. Contacts, text messages, email, photos, music, everything.

November 22 2009 at 12:39 AM
IanC

Serves idiotic people right.

November 09 2009 at 1:08 PM
Bryan Seigneur

I'm going to go out on a limb here and say that if you consider yourself geek enough to install an ssh server on your iphone and you don't change the root password, YOU DESERVE TO BE RICKROLLED (at the very least).

November 09 2009 at 12:07 PM
artifex

This follows a week after
http://www.tuaw.com/2009/11/03/dutch-hacker-accesses-jailbroken-iphones-requests-5/

Not condoning the hacker, but maybe people will finally pay attention to their passwords.

November 09 2009 at 6:44 AM
the_mike

It may be a good idea to disallow ssh root login generally. So if you don't need to connect to your phones via ssh as root, edit the file /etc/ssh/sshd_config.

Search for the line
#PermitRootLogin yes

and change it to
PermitRootLogin no

November 09 2009 at 5:11 AM
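
The sshd_config check described in the comment above, as an added example that is not part of the original post or comments: a commented-out "#PermitRootLogin yes" sets nothing, and sshd uses the first active value it reads, so the script reports which value is actually in effect. The function names and the sample files are constructed for illustration; on a real device you would point it at a copy of /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example: report the PermitRootLogin value sshd will actually use.

# Print the first active PermitRootLogin value in the global section of FILE,
# or "unset" when no uncommented line sets it (sshd's built-in default applies).
effective_root_login() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }      # blank or commented out: no effect
        {
            split(line, f, /[ \t=]+/)           # "Key value" or "Key=value"
            key = tolower(f[1])                 # keywords are case-insensitive
            if (key == "match") exit            # Match blocks end the global section
            if (key == "permitrootlogin") {
                gsub(/"/, "", f[2]); print f[2]; found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Exit status 0 only when root login over SSH is explicitly disabled.
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample files (hypothetical, not copied from a device).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\n' 'Port 22' '#PermitRootLogin yes' > "$SAMPLES/stock.conf"
printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$SAMPLES/fixed.conf"
# An active "yes" earlier in the file wins over a "no" appended later.
printf '%s\n' 'permitrootlogin yes' 'PermitRootLogin no' > "$SAMPLES/shadowed.conf"

for f in stock fixed shadowed; do
    if root_login_disabled "$SAMPLES/$f.conf"; then verdict="root login disabled"
    else verdict="root login NOT disabled"; fi
    echo "$f.conf: $(effective_root_login "$SAMPLES/$f.conf") -> $verdict"
done
```

The "shadowed" case is the one to watch for when editing by hand: appending the new line without removing or changing an earlier active one leaves root login enabled.
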
Randy

Much easier way is just use Mobile Terminal [get from Cydia] and type su

Then type alpine

Then type passwd

Then type new PW - whatever that may be

Then type it again

Done

November 09 2009 at 2:03 AM
Mac Diva

I get a kick out of these continuing mishaps for jailbreakers because I really don't care for their 'I'm smarter than Apple' attitude.

November 08 2009 at 9:24 PM
J

You can, but every time you re-boot your phone it turns back on.

It's just a good idea to change your password in general. You don't leave your router password to the default password, do you?

November 08 2009 at 4:08 PM
BigB

Ugh now the bloggers and tech sites will be spreading all sorts of FUD and verbal trash about the iPhone, osx, etc.

November 08 2009 at 2:03 PM