iPhone worm author really goes to work
While you have to go to quite some lengths to be vulnerable to it, jailbroken iPhones have been under fire for susceptibility to a particular SSH-based type of worm that has seen a lot of press lately. One of the developers, Ashley Towns, who helped to get the "rick" rolling, as it were, has just announced his employment at an iPhone game firm.
Sophos is reporting that he'll be taking up shop at mogeneration, the developer responsible for such hits as Xumii [iTunes link], a cross-social networking communication app, and Moo Shake! [iTunes link], a farm-based activity game for kids. It is an interesting turn of events given that mogeneration even reported on the topic of Ashley's now-infamous rickrolling iPhone worm.
I personally think that there is a lot of potential for coders of malware to embark on legitimate careers as developers coding for good. However, I don't favor the thought that malware developers are essentially getting 'rewarded' for their dangerous work. There is nothing from mogeneration to imply that Towns was hired based on the notoriety of his SSH-based worm, but I can't help thinking that there are other, more talented iPhone developers who have stayed below the radar by not writing malware.
I want to know what you think. Should developers of intentionally malicious software be given a clean slate and a new life? Or perhaps should they be feeling the effects of the law's very long arms?
[via Techmeme]
Of course they should be hired and all their work doubly scrutinized, and since he is an admitted wrongdoer, anyone who was affected by his malware should be able to participate in a class action tort against him and recover damages and punitive awards against him. So yes he should be working his ass off to pay back everyone he harmed. If he can't do that, then he should not be able to use a computer at all, it's better than going to jail, because he is after all just a criminal.
November 28 2009 at 6:59 PM
Ok, this was known to people that jailbroke the iPhone. It was basic code so I hope he has other talents for developing to keep his job.
But in a security view he gave others the idea to use this same method and cause harm. Did you not read about the worm that phished ING bank account login information? His may not have been that harmful but he started the threat for others to use the ssh login for malicious reasons.
The striking thing about reading the comments of the pro hacker people is that they are not telling the truth about Ashley Towns. He did charge people money to regain control of their jailbroken iPhones until bad publicity forced him to back down. If he does something illegal while working for these developers, they will be held liable. You have to wonder if they considered that before hiring him.
November 27 2009 at 7:03 PM
He did charge people money to regain control of their jailbroken iPhones until bad publicity forced him to back down
First time I heard about that. There was a Dutch hacker who did that though:
http://www.tuaw.com/2009/11/03/dutch-hacker-accesses-jailbroken-iphones-requests-5/
Disagree in this particular case. It wasn't a malicious worm and wasn't widespread enough to do any real harm. Considering the number of iPhones at risk for this type of exploit I think it's hard to argue that the publicity wasn't beneficial. And he was polite enough to plug the hole back up to prevent any other hackers from gaining entrance.
It's like noticing your neighbor's door is standing wide open with no car in the driveway and being nice enough to lock it for them but only after leaving them a note written on a Rick Astley poster.
You really have to look at it from the perspective of white hat and black hat hackers... if you're doing bad things to people you need to be put in jail... if you're joking with people and just playing around and it ultimately helps people know that they need to fix something wrong with their computer/phone then I call you a white hat and think you should be given an award... but if you're doing it to be malicious and destroy or take information you need to be thrown in prison... Almost every security/programming company employs white hat hackers to test and make sure that their programs are secure...
November 26 2009 at 9:27 PM
I might go so far as to point out that the people being affected, should themselves, be punished - if one is to apply the righteous ire that the author is espousing. After all, they violated the EULA that specifically forbids the jailbreak in the first place. By the implied logic, they "got what they deserve". On the other hand, being the proud owner of a jailbroken iphone, I would say that anyone who is getting pwn'd by the exploit deserves it, since they installed software that they didn't install.
November 26 2009 at 7:40 PM
What's to keep him from inserting malicious code into the apps that he will help produce for this company? I'd be hesitant to buy them myself.
November 26 2009 at 6:59 PM
iPhone Apps sold through the App store go through a rigorous testing procedure prior to approval, including analysis of API calls used, much to the chagrin of many App developers.
If anything untoward was happening or likely to happen during normal use of the App, it will be detected during approval.
If something did manage to sneak through, the security of (non-jailbroken) iPhones will prevent the Rogue App from accessing other than its own user data.
Jailbroken Phones have had this security disabled.
and, on that note, what's to stop anyone from sneaking in malicious code? The point is that the vulnerabilities were caused by users leaving the door wide open, in case you haven't heard that 1000 times over the past two weeks.
November 27 2009 at 3:37 AM
I consider that what the programmer did is wrong. Even though the worm did not cause any damage it can be scary to users to have their phone's background changed without consent.
There are much better ways for programmers to get exposed, like for example creating freeware.
yeah, I think it's pretty obvious that things could have been a lot worse. All three security compromises did little harm, and made everyone aware of a possible vulnerability. In this case, it was a pretty effective psa. In general, anyone who actually causes harm shouldn't be rewarded. However, it's those guys who are most capable of knowing how to stop the same shit that they start. Most of them are doing it as a curious hobby anyway, and just use the world's computers as their proving ground.
November 26 2009 at 6:09 PM
Ashley's Worm was actually pretty benign.
It exploited the well publicized hole, made the Phone's owner aware of the problem (and made them look like an idiot at the same time), and then changed the default password ('securing' the known exploit) so nothing else untoward will happen to the victim's phone (through the same hole).
It's a lot more Noble than charging victims a fee for instructions on how to undo the damage or phishing financial information out of victims.
Agree with you on this. IMO if he was truly a bad person he would use the exploit for some sort of gain (financial or creating some sort of damage). It really seemed like more of an alert to jailbreak users than anything else.
I'm glad to see he will be putting his skills to a better use though. Good for him....