Malware Allows Access to Jailbroken iPhones

[Paul Daniel Ash]

Well, we all knew this was coming.

The Macintosh security firm Intego reports that they have identified malware that will allow hackers to access data on jailbroken iPhones running OpenSSH with the default root password 'alpine.' Unjailbroken iPhones, devices not running sshd, and devices with unique root passwords are not vulnerable to this exploit. Though Intego currently categorizes the risk of the malware as "low," users should act to secure their phones.

The tool - which Intego identifies as "iPhone/Privacy.A" - works by being installed onto a "Mac, PC, Unix or Linux" computer - or another iPhone - and then scanning the computer's network to find ssh services.

This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network. Or, a hacker could sit in an Internet café and let his computer scan all iPhones that come within the range of the wifi network in search of data. Hackers could even install this tool on their own iPhones, and use it to scan for jailbroken phones as they go about their daily business.

When a vulnerable iPhone is found, the hacker can then download all personal data stored on the device: "e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app."

Intego recommends its own VirusBarrier X5 software to identify and eradicate the software on a Mac, but notes there is no detection tool for other computer platforms, or for the iPhone itself. Users of jailbroken phones should not enable ssh except when needed, and should change their root passwords:

• install and run "Mobile Terminal"
• type su root at the shell prompt and tap enter
• type passwd and tap enter
• enter alpine for your old password
• enter new password
• enter new password again to confirm

image via Intego

[dq13]

as soon as the news came up with the "virus" from that guy changing the background and demanding paypal money, I knew someone was gonna come out with something like this... good think I never run OpenSSH

[nighthawk283]

Another one whats up with that wow

[jaynelson134]

can i change my password in cyberduck?

[amybest222]

how do i know if im Jailbroken Iphone is open ssh

[akamandito]

wow that sucks.. im glad i did changed password since the first gen iphone to 3Gs. i usually use openssh to mod my iphone with winscp and all that. just change the password and u will be fine. i hope so have a nice day

[blkcadi]

^if you installed it, it is there. If not your fine.

[dq13]

how do i know if im Jailbroken Iphone is open ssh

by default, its not.. so if you don't know what it is or never used it, you have nothing to worry about cuz its not running

[bbillh77]

who leaves a default password anyway

[suicidesam]

I think i've been breached...I can't change the password it won't let me type in alpine

[yahoowizard]

I think Apple's hacking us so that they can get less jailbreakers, lol.

[jedized]

Please revise your steps to change the password using mobile terminal. They are wrong. That will
only change the
password for user 'mobile' and still leave the hacker access to the user 'root' giving them full control of the device STILL.

[ramsizzle]

im a hardcore idiot when it comes to this ...how do i go about changing my password in winSCP?

[wgm214]

openshh is not even a dependency for any packages, I don't understand why so many newbies hve it installed. if you have no idea how to use it, uninstall it. if you do actually use it, you have three options. You can either consider an alternative, like USB-file transfer with diskaid or netalk which will work for mac. if you do like the ability to do over the air transfer then either change your shh password with mobileterminal or disable shh via sbsettings. if you dot have openshh installed, don't worry about getting a "virus." charlie miller may be an ultimate hacker, but some of things he says are just plan excagerated.

[TooSlo]

Please revise your steps to change the password using mobile terminal. They are wrong. That will
only change the
password for user 'mobile' and still leave the hacker access to the user 'root' giving them full control of the device STILL.

That's why you log in using SU.

Now, I might be a little rusty since it's been a while.

Open Terminal and type in "su"

This should prompt you to use your credentials to log in.

Follow the steps below while still having SU privileges and it SHOULD change that password.

At least that's how I've been doing it when playing around on my HTC, and if I recall, the commands are spot on with the iPhones.

[punjabi212]

I un-installed all SSH stuff I had on my iphone but it still showing up in my SBsettings. Does that mean its still on my phone or its jus there for no reason?

[TooSlo]

openshh is not even a dependency for any packages, I don't understand why so many newbies hve it installed. if you have no idea how to use it, uninstall it. if you do actually use it, you have three options. You can either consider an alternative, like USB-file transfer with diskaid or netalk which will work for mac. if you do like the ability to do over the air transfer then either change your shh password with mobileterminal or disable shh via sbsettings. if you dot have openshh installed, don't worry about getting a "virus." charlie miller may be an ultimate hacker, but some of things he says are just plan excagerated.

Well, it's not exactly true if you are jailbreaking your device on 3.1.2, as you have to SSH to modify the Services.plist if you want to enable USB connectivity to your phone.

The only way to actually replace that file is.....

USING SSH!

[Poseidon79]

im a hardcore idiot when it comes to this ...how do i go about changing my password in winSCP?

Read the first post at the bottom for instructions. It's done with mobile terminal which is downloaded from Cydia.

[one1]

Dear Apple,


You can stop releasing bugs to try and scare people to quit jail breaking. It doesn't work.



~The Community.

[Gent1eman]

You can change it even quicker if you have mobileterminal installed, just type in the command "passwd" and you can just change it simply from there.