For the last few days, some jailbroken iPhone users have found their home screen background a little different than they remembered. A hacker, going by the name "ikee," created a worm that changes the home screen background on jailbroken iPhones whose owners failed to change the default password after installing SSH. Simply jailbreaking your iPhone will not make you vulnerable to this sort of hack. The iPhone OS, in general, is also immune to this hack. Still confused? Let's back up a bit.

On jailbroken iPhones, SSH is installable with a package from Cydia that allows you to connect to your phone and make changes to the filesystem. It does this by logging into the root user with the password "alpine." After installing SSH, it is always recommended that you change "alpine" to the password of your choosing. This hack can only affect people who chose not to change that password -- no one else.

This hack originated in Australia, the home country of ikee, and has possibly spread to other iPhones in other countries, but we've been unable to verify that. A gentleman by the name of JD held an interview with the hacker over IRC and posted it to his blog. In ikee's own words, here's how the worm has spread:

...The code itself is set to firstly scan the 3G IP range the phone is on, then Optus/Vodafone/Telstra's IP Ranges (I think the reason Optus got hit so hard is because the other 2 are NAT'd) then a random 20 IP ranges. I'm guessing a few phones hit a range that another vulnerable phone was on.

Basically, once your phone is infected, the worm starts looking for other iPhones on the cellular network that use the root:alpine combination. Once it finds another vulnerable iPhone, it installs itself and begins the process again... and again... and again.

Luckily for the jailbreakers in the audience who may have been affected, there's really no harm done -- at least not with this version of the worm. According to the hacker, this was more of an experiment than anything else. The worm changes your background and then disables inbound SSH, which is a good thing. If SSH was left turned on, a similar worm could follow along but conceivably do much more damage. For instructions on how to delete this worm, read JD's interview with ikee. I would recommend reading the interview just for the information it presents; I found it pretty interesting. If you've got a jailbroken iPhone or iPod touch and you've never changed the default device password, now's the time. Here's how, if you are using terminal:

Type: ssh root@(iPhone IP address)
When prompted for the password type: alpine
Now you're connected the phone...
type: passwd
It should then prompt your for a new password -- type one that you'll remember. There's no easy way to reset it if you forget it.

That's it. Please remember to be responsibly secure with your devices. Hackers like ikee are troublesome, but this could have been much worse. While I don't personally condone his actions, he's prevented a lot of people from being vulnerable to more malicious attacks later down the road.

Thanks, James!

For the last several months, anyone who had updated to iPhone OS 3.1 or greater without following a pre-update procedure lost the unlock on their iPhones due to new software in the modem firmware or the baseband. Using the at+xemn crash as an injection point, iPhone hacker Geohot (of the original hardware unlock) was able to unlock the latest firmware on any iPhone.

What does this mean? The iPhone can be unlocked for any GSM carrier, allowing you to use it on more than your country's authorized carrier or other carriers as you're traveling abroad.

Geohot suggests that you update to a fresh copy of iPhone OS 3.1.2 directly from Apple before performing his unlock. He has all the instructions available on his site.

The iPhone is slowly making it's way around the world. In Canada, there are now four major carriers that support the device: Rogers, Fido, Telus and Bell. So how will Apple continue to stock and support the iPhone with that many carriers? That's where the story get's interesting.

According to iPhoneInCanada.ca, to make stocking and inventory easier, the iPhones in Apple's Canadian retail stores will arrive completely unlocked without any SIM card. Once a carrier is chosen and a SIM card is placed in the device, it will then be locked to that carrier. So what happens if you put in a SIM card from a carrier other than the four in Canada? The simple answer: we have no idea!

While we're not entirely sure what this means, it does present some interesting ideas. The Canadian iPhones could only recognize the four possible carrier's SIM cards, but may also be entirely unlocked. It'll be interesting to see how people that want to use the iPhone on unsupported carriers will take this news.

Oh, so tempting. Engadget and Slashgear link to this video from our friend Steven Troughton-Smith: Exposé-style app management running on a jailbroken iPhone. No, you can't download it anywhere yet; no, we don't know when it will be ready for prime time and available on the Cydia repo; no, we don't expect Apple to have anything similar in the pipeline for vanilla iPhone use.

But wouldn't it be nice?

The ever-determined band at iPhone Dev have updated their "PwnageTool" to include the 3.1.2 release of the iPhone software for iPhone 2G/3G/3GS and iPod Touch 1G/2G (note that the iPod touch 3G is NOT supported).

Jailbreaking, which is different than "unlocking", allows different applications to be run other than the ones available at the App Store, and also allows for some additional functionality such as background process for third party applications. I assume that those who are interested in jailbreaking are already familiar with it enough to know what the 'dangers' are.

For the idly curious, I highly recommend that you check out the webpage and think about whether you really need the functionality it offers. Notably, this will not allow for things like internet tethering on a carrier that doesn't officially support it. The iPhone Dev folks suggest that you remain at 3.0 until a hack for that is developed.

Dear Auntie T,

My father-in-law (long time reader) has the old original iPhone. He finally made the jump and got himself a brand new shiny 3G S. My mother in law wanted the old phone, and promptly took her SIM card out and popped it in the old phone. It should have worked. It did not.

It prompted her to connect to iTunes and then tried to get her to choose a data plan, which she didn't want. All she wants is the essential function of a cell phone with a nice iPod layered on top. Wifi would be nice. She couldn't be less interested in a data plan.

This used to be possible. Is it now not possible? A good friend of mine, somewhat recently did this very thing and had no problem whatsoever. He is happily chugging along with a data-free iPhone 3G. ATT is giving them grief over the phone and won't let her use the phone without a data plan, despite the fact that the iPhone, being the original one, is owned outright and is not subsidized in any way.

Love and kisses,

Lauren

Read on for Auntie's response....

Why didn't Apple think of this? SmartScreen lets you add widgets to your iPhone lock screen, providing an interactive dashboard experience whenever you wake up your device. The software is jailbreak-only (as you'd probably expect, given its standard system-defying functionality) and will be launched in November 2009. Widget developers are currently being accepted to an invitation-only beta program. Details for the beta program and the SmartScreen product are available at the media-phone web site.

Yes, this isn't the only lock-screen information system out there. Intelliscreen and LockInfo provide calendar and email updates. At the same time, SmartScreen offers a fresh new approach that's a worthy alternative. I really like the visual flair and paged presentation, and the ability to move widgets around via direct interaction.

[Thanks, pytey and Steve Streza]

Please join us this afternoon at 4:15 Eastern for a live chat with Jay "Saurik" Freeman. Jay is going to talk to us about Apple's new signature server and what that means to you as an iPod or iPhone owner.

Have you noticed a new message in iTunes when you restore an iPhone or iPod touch? "Verifying restore with Apple..."? iTunes is now checking your unit against a registered database and deciding whether to allow you to install your firmware or not. Potentially, Apple could disallow downgrades to previous firmware versions. According to Freeman, this move allows Apple to "recall existing firmwares by keeping people from restoring to them in the future. To do this they simply would refuse to ever sign, for example, iPhone OS 3.0 again."

Freeman will explain why this is a real problem to both the standard App Store community and to the jailbreak community. Join us with your questions.

The legendary Dev-Team has done it again. It just released the new version of the Pwnage Tool, a desktop application that's used to create custom firmware packages to jailbreak iPhones and iPod touches.

Jailbreaking is the act of modifying the official firmware in order to run applications not approved by Apple. Chief among those applications, at least for the iPhone crowd, is the SIM unlock that allows the phone to be used on unofficial cell phone service providers.

The Dev-Team has found holes in previous versions of the iPhone OS that allow this code modification and has developed tools to make exploitation easier for the average user to accomplish. Once implemented, the jailbreak process installs an app that acts an unofficial App Store of sorts. The iPhone or iPod touch user can browse and install games, utilities, themes, and general applications. Cydia, one of these installer apps, even has a store with applications for sale.

Traditionally, when Apple releases a new iPhone OS version, that software upgrade breaks any jailbreak and SIM unlock present on the device. And so, you end up with the cat-and-mouse game that Steve Jobs alluded to shortly after the first firmware loophole was exploited and the original iPhone was unlocked.

Well, the mouse has stolen the cheese once again, and the Pwnage Tool released today will jailbreak the latest firmware, version 3.1.*

The big asterisk at the end of that previous sentence is that the Tool will only work on about half of the devices that use the iPhone OS -- only the original iPhone, original iPod touch, and iPhone 3G. The iPod touch line just released, as well as the 2nd generation iPod touch and the iPhone 3GS, cannot be jailbroken at this time. That means if you've already upgraded to 3.1 on your 3GS, you still won't be able to SIM unlock it as of the time of this post.

So, if you want to SIM unlock your iPhone 3G or the original model, Pwnage Tool 3.1 should do the trick. On the 3G, you'll need to use Icy or Cydia to also install the ultrasn0w app that actually performs the software unlock; however the original iPhone should be unlocked without this additional step.

You will need a Mac to run Pwnage Tool 3.1, but a Windows version is expected in the near future. Also expected soon is redsn0w, for both Mac and Windows, that further simplifies the jailbreak process by avoiding the need to create a custom firmware package.

Keep in mind, if you've been waiting for a jailbreak solution before upgrading to the latest firmware, many users have had fairly substantial issues with iPhone 3.1. My fellow TUAW blogger, Josh Carr, has reported that lots of iPhones and iPod touches are working poorly after upgrading. You may wish to hold off and stick with 3.0 or 3.0.1 until a solution is found, either by Apple or some other group of smart people.

But, if you're so inclined, you may find links to download Pwnage Tool 3.1 on the Dev-Team's official blog. Make sure to read the instructions thoroughly, and take heed of all of the warnings. They are there for a reason.

We've talked before about ways to control a BitTorrent client from the iPhone, and some unofficial developers have gotten it working in a jailbroken way. But apparently that's as far as we'll get -- µMonitor, a little iPhone app to control µTorrent (a popular BitTorrent app that I use pretty often) was recently submitted to the App Store, and Torrentfreak reports that it's been rejected out of hand. This isn't the first time something like this has come up: Drivetrain, another torrent remote control tool, was also rejected back in May.

Apparently Apple tells the developer that they are disallowing all types of BitTorrent-related apps "because this category of applications is often used for the purpose of infringing third party rights." Often does not equal always, but technically that's another point: it's Apple's App Store, and they can take their ball and go home if they want. Torrentfreak claims that the myNZB app technically does the same thing (it basically controls a newsreader that can be used to download large numbers of files, possibly in violation of copyright), but it's the word "torrent" that Apple (and, likely, their content partners) have an issue with. Sure enough, a search of "torrent" on the App Store doesn't bring up anything related to the BitTorrent technology.

You can still run µTorrent on your iPhone, although you'll have to jailbreak it and dive into the Cydia repository, where it's listed under "Utilities." As for Apple's stance, I wouldn't hold your breath waiting for things to change on this one -- µTorrent isn't even an app that enables BitTorrent downloading; it just makes it easier (by accessing a client that's doing the work elsewhere), and if they aren't willing to pay heed to these distinctions now, it's not likely they'll bother in the future, either.

Albuquerque TV Reporter Jeremy Jojola recently used a jailbroken iPhone and Qik [iTunes link] to broadcast a story live for KOB-TV.

It's a far cry from the big trucks with microwave antennas and satellite dishes that are usually seen where news stories are broadcast.

The audio and video quality isn't perfect, but it shows how fast the technology is moving. Jeremy told me he used the AT&T 3G network for the connection.

We've already reported on the Qik app which was recently updated to allow uploading of video using the 3G network, but so far, the live capability has been nixed by Apple/AT&T. The only way to get the full benefit of live streaming is by jailbreaking the iPhone.

Qik runs on a huge variety of other smartphones with full live capability, even on the AT&T network.

If you'd like to see Jeremy's story, it's available by clicking the Read More link below. The actual story is about iPhone developers who live in the area. Here's Jeremy's blog with some more info.

[Via Poynter Institute online]

There's no shortage of Twitter apps in the App Store. Even more surprising is the number of GOOD apps that connect to the popular microblogging platform. I like each for a different reason: Tweetie has a clean user interface, TweetDeck offers multiple columns that sync with its desktop counterpart, and TwitterFon has ReadItLater integration. There are countless others that have unique features, and many of us end up with at least a couple on our iDevices.

But I have a new favorite, qTweeter, developed by the folks at Efiko Software. You won't find it in the App Store, though, because this app requires a jailbroken device. Multitasking isn't officially allowed (yet?) on the iPhone OS, yet qTweeter relies on this capability to perform its best trick.

Say you're checking the weather and want to tell everyone of the approaching hurricane. Normally, you would close your weather application, swipe through pages of apps, tap on and wait for your favorite Twitter client to open and load all of the tweets that you really don't care about right now, and finally type your warning to get the heck out of town. By the time you do all of that, the highway is going to be grid-locked with fleeing residents and you'll be stuck boarding up windows and sweeping up the debris!

Instead, you could have just "pulled" qTweeter down from the status bar, typed your tweet, and went back to the app still running in the background.

In fact, per the recent trend, you could have also posted that same message to your Facebook status with just a tap of a checkbox. It's a much quicker way to get your message out of your head and onto the Net, a fact that you'll appreciate as you get older and those thoughts become more fleeting.

Over the past week, some T-Mobile iPhone customers noticed that their data service suddenly stopped working. Users with unlocked iPhones had been paying $1 a day for unlimited data and text messaging using the Sidekick data plan. It was a great value.

Customers who contacted T-Mobile support received mixed answers. Representatives stated that service was down in their area or that they needed to upgrade to their normal data plan.

Yesterday, T-Mobile sent a tweet on their official Twitter account that they would no longer service iPhone customers using the prepaid Sidekick plan. So just like AT&T cutting off prepaid GoPhone service to iPhone customers, T-Mobile has now eliminated an affordable data option for unlocked iPhones. At this time, it appears that Android-specific data plans remain unaffected.

TUAW has contacted T-Mobile for an official statement on the matter but we have not heard anything back yet.

Thanks Gabe for the tip!

I like to joke that "Iowa is a great place to live, but I wouldn't want to visit." Residents often complain that there's nothing to do (other than milk cows and shuck corn). One can only stand so much antiquing.

But we do have a few things going for us: clean air, relatively light traffic, lots of space, and perhaps the best cell phone plan for the iPhone.

Recently, reader PC Drew, a US Marine living in Japan, sent us a note to let us know about the challenge he had in finding an iPhone plan while visiting his wife's family. A contract plan was out of the question, of course, because of his length of stay and the fact that he's still under a two-year Softbank agreement in Japan. And due to AT&T's, shall we say, "perplexing" lack of a prepaid plan for the iPhone, the official carrier in the States wouldn't help him.

He could have stopped by a Best Buy and picked up an O2 Universal SIM Card for less than $10. That would have provided the ironically-named PC with $0.17 per minute calls but that's it -- no data, no included text messages, and no tethering ability.

After searching a bit for a prepaid solution, he stumbled across the MEGAtalk Nationwide plan from regional GSM carrier, i wireless. This no-contract, no-credit-check offering gives the customer 30 days of unlimited calling, with roaming and long distance, for $49 plus taxes.

But wait, there's more! Not only did PC get unlimited voice minutes, but he also had unlimited SMS texting and, here's the kicker, unlimited data usage. And, with the proper hack, i wireless customers can tether their iPhones for free. Yes, you read that right... free tethering on an unlimited data plan!

Of course, getting a service plan from an unofficial carrier (read: non-AT&T, at least in the United States) requires your iPhone to be SIM-unlocked. This has become much easier over the past two years and most cell phone shops can perform the procedure if you're too nervous. PC had already performed the necessary steps, as he often finds himself in areas that aren't exactly covered by his Softbank contract.

Okay, now for the downer. Because it's a T-Mobile affiliate, i wireless doesn't offer iPhone-compatible 3G service. In fact, they only offer EDGE speeds in their Iowa-based footprint, unless you're traveling to an area with T-Mobile 3G. As a result, that unlimited data is a bit crippled speed-wise, but it's still a heck of a deal.

So, if you're planning on traveling to Iowa -- say, to Fort Madison for the 62nd Annual Tri-State Rodeo in September -- or if you're "lucky" enough to be stuck living here, you might want to take advantage of what's probably the most economical cell phone service plan available for the iPhone anywhere in the USA.

UPDATE: Quite a few readers asked if this plan is available outside of Iowa, so I contacted i wireless directly to find out more about its policy. Yes, you can sign up for this plan, even if you don't live in the i wireless footprint area, however, the representative I spoke with pointed out that this plan may expire at any time, which would seriously affect the customer's ability to use his or her phone effectively. If you are interested in further details, please contact i wireless directly.

DISCLAIMER: I own a computer and cell phone store that sells this particular prepaid plan. But the above story is absolutely true; PC Drew did contact TUAW to brag about his bargain find, without knowing me or my connection to the product.

After writing about the GV Mobile situation on TUAW the other day, a helpful TUAW reader sent me a Google Voice invite (thanks Ian M! You rock!). I set up my account, hopped over to a jailbroken 3.0 iPod touch and downloaded a copy of the software via Cydia. I then copied it off the touch via sftp, signed it with my developer credentials and installed it through iTunes on a non-jailbroken iPhone to see what I'd been missing.

GV Mobile offers a pretty nice feature set. You can use it to set your Google Voice preferences, such as your preferred phone, so that when calls come through the right phone rings. That's an awesome feature on-the-go. Yes, the same option is available at the Voice website, but I really like the simple interface GV Mobile offers to switch that number with just a couple of taps.

You can dial directly from the app out to other phones. You still use your AT&T minutes but you avoid having to navigate through the Google Voice command interface. When the call is over, you return to the application.

The SMS and voicemail features are also very nice, each offering a dedicated screen and easy to use interfaces. A lot of design thought went into the program and it shows, especially in these two options.

Unfortunately, since the application was ported for a jailbreak install, it would no longer remember my user credentials between sessions. Be aware this approach works fine for review but isn't meant for a day-to-day bypass of the App Store, unless your Google username and password are trivial to type over and over again.

Despite the excellent number setting, SMS, and Voicemail features, I felt that most of the application features really needed to be integrated at the OS level, which they presumably will be in Google Chrome or Android. Apple provides its own OS-level telephony system and using this app for outgoing calls really felt more like work than time savings. Yes, the outgoing International rates are superb on Google Voice and the connection quality far exceeds that of Fring's SIP-based services or Skype's iPhone app. That said, I think the application could have benefited from a greater focus on the SMS/voicemail features with the telephone portion being pushed back in prominence.

The program does exhibit a few minor quirks. For example, when I tap on the call history tab, I'd prefer that it gave me a button to load that history from Google Voice rather than do so automatically and trap me, especially when I meant to hit another tab.

All said, I really did enjoy using GV Mobile. I think it has good functionality and must have been a really good App Store offering, while it was there. If you do have a jailbroken iPhone system to test it on, it's certainly worth a spin. And if you find you use it, the application is donationware.