Malicious Worm Takes Aim at Jailbroken iPhones

[Quailitynoob]

Done confirmed with Winscp

On the iPhone:

The app to use on the iPhone is called MobileTerminal and it’s available for free in the Cydia store.

Once you have MobileTerminal installed, launch it and you should see a prompt saying this or similar:

iPhoneName: ~ Mobile$

At that prompt, type: passwd
You’ll be prompted for the ‘old’ (current) password for the mobile user. Enter this as the old password: alpine
You’ll then be prompted to enter the new password – so just type in your desired new password. Use good password principles if possible (long and stong). You will not see characters appearing on the screen as you type – that’s normal, not a concern.
You’ll then be prompted to re-enter the new password. Do that.
You should then be returned to the Mobile$ prompt that you started on when opening the MobileTerminal app. There’s no success message to say the password was changed – but if you’re returned to the prompt and do not get an error, the change was successful. And you’re done with change for the mobile account.
The second primary admin account for the iPhone is called root – so now you need to change that as well.
Type this to switch to the root user: login root
You’ll be prompted for the root user’s current password. Enter this: alpine
Type this to start the password change routine again: passwd
Enter the old password for root (it is ‘alpine’, same as for the mobile user) and enter your desired new password twice, just as you did for the mobile account
Done

Using this Just another iPhone blog

[ecd5000]

ok changing the PW seems to hard, then download some toggles and keep ssh off if your not using it. love how this is the 3rd topic on this type of thing and people still seem to have issues with it, they dont deserve to have an iphone

[hancoma]

how come these carriers don't protect their customers and their own network by locking down these ports and protocols? duh!

The carriers have nothing to do with it...this is an issue that ONLY applies to jailbroken iphones that have ssh installed, with the default password not changed.

Phones not jailbroken will not and cannot be exploited with this 'worm. '

[Cer0]

The carriers have nothing to do with it...this is an issue that ONLY applies to jailbroken iphones that have ssh installed, with the default password not changed.

Phones not jailbroken will not and cannot be exploited with this 'worm. '

I think he was meaning they block the ports used to SSH in. I thought I saw that ATT blocked port 22.

I just saw a story on MSNBC on this and laughed because of this:

For example, Apple prevents users from switching service providers to unauthorized carriers and limits users to the approximately 100,000 programs that the company has vetted for installation on the device. There are thousands of unauthorized programs covering areas including Internet phone calls, WiFi access and pornography.

Really lol. Didn't know we couldn't get porn without being jailbroken.

[KartRacer]

You should put info on how to change the default password in the first post, n00bs need to be spoon fed.

Actually they need the TV to fall on their head, so to speak.

[kugi_igi]

another "worm" issue again,maybe started by Apple again

[matthew1111]

Jailbreak programs should now come w/ instructions on how to change your default pass alpine!

[awesomeSlayer]

More worms? Can't these hackers just leave the iPhone and iPod touch alone?

[smuggler]

is the worm just effecting jailbroken iphones running openssh? the article doesn't really explain in great detail as to how an iphone is vulnerable to the attack

[blkcadi]

^ yes, actually I was reading on another forum today and a guy had posted screenies of his virus infested phone. This is for real people. Take heed.

[1hihum]

Actually they need the TV to fall on their head, so to speak.

Way to contribute guys. It must be nice to have never been a noob yourselves. I now know who to go to whenever I don't have an answer.



Where's the Bull$!t smiley when i need it.

[szr]

Another thing one can do to pretect one self (in addition to disabling SSH when it's not needed and possibly switching off password auth in favor of key based auth) is to edit the /etc/ssh/sshd_config file on the device and uncommand/change the 'Port' setting.

Be default an SSH server usually listens on tcp port 22, but you can change that to, say,

Code:

Port 522

Th reason this is safer is that Viri like this new worm look for running ssh servers using the default port, 22.

[Cer0]

Another thing one can do to pretect one self (in addition to disabling SSH when it's not needed and possibly switching off password auth in favor of key based auth) is to edit the /etc/ssh/sshd_config file on the device and uncommand/change the 'Port' setting.

Be default an SSH server usually listens on tcp port 22, but you can change that to, say,

Code:

Port 522

Th reason this is safer is that Viri like this new worm look for running ssh servers using the default port, 22.

Thank you I was wondering this the other day; just changing the port to a different one.

[mwo2616]

True that!

Or just uninstall openssh!!

Already done that!

[ifonemaniac]

willing to bet any money that Apple is making these bugs.

Please dont get rota started... :-p J/k rota much love

[xwinger]

too bad my iphone is broken

[Eiswritsat]

this is what showed up on her first gen iphone lastnight, her phone is unlocked and the ssh password was changed from alpine over a month ago...crazy right. Im glad mine is ok, so i had to do another restore for her at like 12:30