  • Malicious Worm Takes Aim at Jailbroken iPhones



    There's a new worm on the radar. And, this time, it's a bit more nefarious than anything Rick Astley could have ever imagined himself.

    This worm is the first malicious infestation to hit the iPhone; the first iPhone worm merely displayed a picture of 1980s crooner Rick Astley, although music lovers might claim that was pretty malicious as well.
    According to a boatload of media outlets covering the news today, a second worm to hit the iPhone has been detected by security company F-Secure. And, says TG Daily, for now, the worm has set its sights on people in the Netherlands who use their iPhones for internet banking with Dutch online bank ING Direct.

    In other words, this worm isn't just for "fun." There is an obvious financial motive behind this newly discovered attack.

    The worm attacks jailbroken phones and sneakily redirects bank customers to a cloned, look-alike site prompting one to enter their username and password. Naturally, the bank is now frantically trying to get the word out to customers in a hurried fashion.

    Unfortunately, it isn't yet clear just how many iPhones may be infected. Once thought to be merely in the hundreds, it's now more likely that the number has increased into the thousands. As warned by F-Secure, the aforementioned worm can recruit iPhones to a botnet and skip around among phones currently sharing the same wi-fi hotspot.

    "It's the second iPhone worm ever and the first that's clearly malicious - there's a clear financial motive behind it," says F-Secure research director Mikko Hyppönen. "It's fairly isolated and specific to Netherlands but it is capable of spreading."
    For now, fending off the worm involves some pretty basic steps. For example, jailbroken phone owners are strongly encouraged to change their SSH password from the default "Alpine" to help evade the worm.

    To help spread the word and not the worm, F-Secure is endeavoring to publish as many known details of the worm as possible. You can check out their official blog originating from Lithuania by clicking here.

    This article was originally published in forum thread: Malicious Worm Takes Aim at Jailbroken iPhones, started by Michael Essany.
    56 Comments
      Rob_Quads -
      I hate the way the press are advertising this as a problem with "jailbroken phones". Bit like saying "Windows hackers rejoice" when someone Thunderbird have a bug in their code. Yes they have a jailbroken but it's not that, that's causing the problem.
      marko911 -
      I have a question just in case ppl have problem changing the root password.

      I've noticed that when you install sbsettings and you swipe your finger across the status bar u get a pop up window or something like that with shortcuts to wifi, 3G, Brightness and SSH. Now will this do the trick on stopping hackers from hacking ur phone if you turn SSH off? Me personally I keep it turned off even tho I have the root password changed, I only turn it on if I use SSH.

      Can someone answer this question if they know it.

      Thank you very much ......
      tonman23 -
      I haven't needed ssh on my phone in some time! I use iphone browser to transfer files to my phone, mobile terminal has been good enough for other things so far.
      Ace01xc -
      Just change the password: open Cydia, download Mobile Terminal and then Erica tools. When done, open terminal, enter the command passwd, press enter, then put the old one in (Alpine), then your new one (please remember the new password). No more worries about silly Apple tricks like 1.1.1, oops can not talk about that.
      Risingstar -
      willing to bet any money that Apple is making these bugs.
      exNavy -
      Quote Originally Posted by Imahottguy
      For the love of gawd! n00bs: Change your effing root password!!

      @Meesany: You should put info on how to change the default password in the first post, n00bs need to be spoon fed.

      And the mobile password as well.
      rwin84 -
      ridiculous... well I guess having a computer in our pocket has finally caught up with us... we now have to deal with all the problems of a computer...
      sk8ertim -
      Damn these "WORMS" are annoying!
      I haven't switched my root PW on my Mom's iPhone, but she doesn't even use SSH! I have it installed and it is ALWAYS off.
      When I get a new iPhone, my PW will be 10chars long... maybe like all my other passwords, 26chars long...

      PEOPLE! CHANGE THE PASS IF YOU USE SSH!
      Then we won't have these "WORMZ"!

      Also, maybe in the next ver of OpenSSH there will be an add-on so that before completing installation you would have to MAKE YOUR OWN PASSWORD!

      Just my .02cents
      szr -
      You should not only change your root password, but edit your /etc/ssh/sshd_config to turn off Password based auth and only use Public Key auth.


      1) You first need to create a public key and private key pair. You can do this on almost any computer that has an ssh client.

      If you use OS X or any UNIX/Linux type system, please see this link. On Windows, PuTTY and WinSCP come with a key generator that creates proper keys that they can use; see the link also, but ignore all parts except those that tell you what to do on your iPhone/iPod, just make sure your ssh/sftp client is set to use your Private Key!

      > Setting up SSH keys <


      2) Open (or download from your device and open in your favorite editor) /etc/ssh/sshd_config


      3) Look for a line containing PasswordAuthentication, make sure it's not commented and set to no, so it looks like:
      PasswordAuthentication no


      4) Look for a line containing PubkeyAuthentication, make sure it's also not commented out and make sure it's set to yes, so it looks like:
      PubkeyAuthentication yes


      *** If you run into any problems logging in with root, you can use Mobile Term or iFile to edit /etc/ssh/sshd_config to set PasswordAuthentication to yes if need be, which is recommended when first testing your key to make sure it works while still allowing you the fall back of regular password auth. Once you verify Key auth is working, turn off Password auth.


      Also, regardless if you go with Key based auth or not, when you are out in public, it can be better to just turn off SSH altogether - very easy to do with something like SBSettings - you can't pick the lock if there is no door.

      IMHO it only makes sense to have SSH on when you're at home or other trusted locations.
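
A check for steps 3 and 4 of the post above, as an added example that is not part of the original post or of OpenSSH: it reads an sshd_config the way sshd does (first value wins, commented lines ignored, keywords case-insensitive) and reports whether password logins are really off. The function names and sample configs are constructed for illustration, and only the global section before any Match block is read.

```shell
# Added example; function names and sample configs are constructed.

# Print the effective global value of keyword $2 in file $1, or default $3.
# sshd matches keywords case-insensitively, ignores '#' lines, and uses the
# first value it reads for a keyword; a Match block ends the global section.
sshd_effective() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want); val = def }
        {
            line = $0
            sub(/\r$/, "", line)                    # file saved with CRLF
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next     # blank or commented out
            sub(/[ \t]*=[ \t]*|[ \t]+/, " ", line)  # "key value" or "key=value"
            n = split(line, f, " ")
            key = tolower(f[1])
            if (key == "match") exit
            if (key == want && n >= 2) { val = tolower(f[2]); exit }
        }
        END { gsub(/"/, "", val); print val }
    ' "$1"
}

# Return 0 only when password logins are off and key logins are on.
audit_sshd() {
    pw=$(sshd_effective "$1" PasswordAuthentication yes)  # sshd default: yes
    pk=$(sshd_effective "$1" PubkeyAuthentication yes)    # sshd default: yes
    rc=0
    [ "$pw" = "no" ]  || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    [ "$pk" = "yes" ] || { echo "FAIL PubkeyAuthentication=$pk"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK key-only login"
    return "$rc"
}

# Constructed sample: commented line, effective line, ignored later duplicate.
sample_hardened() {
    printf '%s\n' '#PasswordAuthentication yes' 'passwordauthentication no' \
        'PubkeyAuthentication yes' 'PasswordAuthentication yes'
}

# Constructed sample: step 3 was skipped, the directive is still commented.
sample_default() {
    printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes'
}

tmp=$(mktemp)
sample_default > "$tmp"
audit_sshd "$tmp" || echo "=> password logins are still accepted"
rm -f "$tmp"
```

Run `audit_sshd /etc/ssh/sshd_config` after editing; a line that is still commented out falls back to sshd's default of yes, which is the case the second sample shows.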
      boxxa -
      If you can't change your iPhone's root password, you should not be installing OpenSSH in the first place.


      Just my $0.02
      JailbrokeniPodKing -
      thanks, but this has been going round for at least a fortnight, I've had it :L and I don't live in the Netherlands. There's the easy but *** way getting out without donating, which is restoring, which is ***! Unless you have ROCK backing up your stuff
      volatile-dev -
      Would it not be possible to automatically prompt the user upon installation of OpenSSH to change the root and mobile passwords?

      Just a thought...
      bengo -
      Quote Originally Posted by chris4851
      It's as simple as this.... if you know how to and have Jailbroken your phone you SHOULD know how to change your root password. Pure laziness and it's their fault to get infected.
      Yeah this might have been a good reply back in the 1.0 days, when jailbreaks and unlocks were pretty effin complicated to do. Nowadays, with Geohot's all in one click utility, every noob on the planet can get their iPhone jailbroken.

      I think the solution would be to incorporate a password change feature in the jailbreak utilities from now on.
      Jahooba -
      Quote Originally Posted by Imahottguy
      For the love of gawd! n00bs: Change your effing root password!!

      @Meesany: You should put info on how to change the default password in the first post, n00bs need to be spoon fed.
      You call people noobs but don't help them out. Modmyi is a place where we help people, if you want to be an elitist a-hole then go somewhere else.

      You should know better by now.
      jOnGarrett -
      great, this is all we need to give Apple an excuse for making iphones un-jailbreakable.
      bengo -
      Quote Originally Posted by jOnGarrett
      great, this is all we need to give Apple an excuse for making iphones un-jailbreakable.
      yeah... I don't think they have a choice... it's called jailbreaking for a reason.
      rhekt -
      well...here it all goes again. fortunately w/ the previous 2 viruses you got a nifty pic letting you know you were infected. it'll be too late, especially financially for those that get this sand worm.
      aekhamsouk -
      how come these carriers don't protect their customers and their own network by locking down these ports and protocols? duh!
      fidosam -
      Quote Originally Posted by marko911
      TO ALL : Please just change the root password and that's it, it's not that hard, just click on this link and it will show you step by step on how to do it ..

      How To Change the iPhone’s Root Password | Just Another iPhone Blog

      Don't forget to hit the " thanks " if it helped you .
      Thank you once again! I was having problems SSHing today (LOL) and used MobileTerminal instead...piece of cake!
      Quailitynoob -
      Done confirmed with Winscp
      On the iPhone:

      The app to use on the iPhone is called MobileTerminal and it’s available for free in the Cydia store.

      Once you have MobileTerminal installed, launch it and you should see a prompt saying this or similar:

      iPhoneName: ~ Mobile$

      At that prompt, type: passwd
      You’ll be prompted for the ‘old’ (current) password for the mobile user. Enter this as the old password: alpine
      You’ll then be prompted to enter the new password – so just type in your desired new password. Use good password principles if possible (long and strong). You will not see characters appearing on the screen as you type – that’s normal, not a concern.
      You’ll then be prompted to re-enter the new password. Do that.
      You should then be returned to the Mobile$ prompt that you started on when opening the MobileTerminal app. There’s no success message to say the password was changed – but if you’re returned to the prompt and do not get an error, the change was successful. And you’re done with change for the mobile account.
      The second primary admin account for the iPhone is called root – so now you need to change that as well.
      Type this to switch to the root user: login root
      You’ll be prompted for the root user’s current password. Enter this: alpine
      Type this to start the password change routine again: passwd
      Enter the old password for root (it is ‘alpine’, same as for the mobile user) and enter your desired new password twice, just as you did for the mobile account
      Done
      Using this Just another iPhone blog