+ Reply
Page 3 of 3 FirstFirst 123
Results 41 to 57 of 57

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Malicious Worm Takes Aim at Jailbroken iPhones

is a discussion within the

iPhone News

forums, a part of the

General iPhone

section;
...
  1. #41
    Green Apple Quailitynoob's Avatar
    Join Date
    Jul 2009
    Posts
    64
    Thanks
    30
    Thanked 7 Times in 7 Posts

    Done confirmed with Winscp
    On the iPhone:

    The app to use on the iPhone is called MobileTerminal and it’s available for free in the Cydia store.

    Once you have MobileTerminal installed, launch it and you should see a prompt saying this or similar:

    iPhoneName: ~ Mobile$

    At that prompt, type: passwd
    You’ll be prompted for the ‘old’ (current) password for the mobile user. Enter this as the old password: alpine
    You’ll then be prompted to enter the new password – so just type in your desired new password. Use good password principles if possible (long and stong). You will not see characters appearing on the screen as you type – that’s normal, not a concern.
    You’ll then be prompted to re-enter the new password. Do that.
    You should then be returned to the Mobile$ prompt that you started on when opening the MobileTerminal app. There’s no success message to say the password was changed – but if you’re returned to the prompt and do not get an error, the change was successful. And you’re done with change for the mobile account.
    The second primary admin account for the iPhone is called root – so now you need to change that as well.
    Type this to switch to the root user: login root
    You’ll be prompted for the root user’s current password. Enter this: alpine
    Type this to start the password change routine again: passwd
    Enter the old password for root (it is ‘alpine’, same as for the mobile user) and enter your desired new password twice, just as you did for the mobile account
    Done
    Using this Just another iPhone blog

  2. #42
    iPhoneaholic ecd5000's Avatar
    Join Date
    Oct 2008
    Location
    Six - One - Zero
    Posts
    414
    Thanks
    6
    Thanked 18 Times in 15 Posts

    ok changing the PW seems to hard, then download some toggles and keep ssh off if your not using it. love how this is the 3rd topic on this type of thing and people still seem to have issues with it, they dont deserve to have an iphone
    Quote Originally Posted by ??????
    Hi. Does anyone know is iBlacklist available in the app store? can it only be purchased outside the app store? If so, is it hard to install? Thanks everyone.

  3. #43
    iPhone? More like MyPhone hancoma's Avatar
    Join Date
    Oct 2009
    Location
    Austin Texas
    Posts
    129
    Thanks
    14
    Thanked 15 Times in 8 Posts

    Quote Originally Posted by aekhamsouk View Post
    how come these carriers don't protect their customers and their own network by locking down these ports and protocols? duh!
    The carriers have nothing to do with it...this is an issue that ONLY applies to jailbroken iphones that have ssh installed, with the default password not changed.

    Phones not jailbroken will not and cannot be exploited with this 'worm. '

  4. #44
    Super Moderator Cer0's Avatar
    Join Date
    Apr 2008
    Location
    MN/WI
    Posts
    13,999
    Thanks
    388
    Thanked 1,141 Times in 891 Posts

    Quote Originally Posted by hancoma View Post
    The carriers have nothing to do with it...this is an issue that ONLY applies to jailbroken iphones that have ssh installed, with the default password not changed.

    Phones not jailbroken will not and cannot be exploited with this 'worm. '
    I think he was meaning they block the ports used to SSH in. I thought I saw that ATT blocked port 22.

    I just saw a story on MSNBC on this and laughed because of this:

    For example, Apple prevents users from switching service providers to unauthorized carriers and limits users to the approximately 100,000 programs that the company has vetted for installation on the device. There are thousands of unauthorized programs covering areas including Internet phone calls, WiFi access and pornography.

    Really lol. Didn't know we couldn't get porn without being jailbroken.
    Last edited by Cer0; 11-23-2009 at 04:50 PM.

  5. #45
    My iPhone is a Part of Me
    Join Date
    Nov 2007
    Posts
    812
    Thanks
    72
    Thanked 147 Times in 90 Posts

    Quote Originally Posted by Imahottguy View Post
    You should put info on how to change the default password in the first post, n00bs need to be spoon fed.
    Actually they need the TV to fall on their head, so to speak.
    Last edited by KartRacer; 11-23-2009 at 04:20 PM.

  6. #46
    What's Jailbreak?
    Join Date
    May 2008
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts

    another "worm" issue again,maybe started by Apple again

  7. #47
    iPhone? More like MyPhone matthew1111's Avatar
    Join Date
    Aug 2009
    Location
    Texas
    Posts
    240
    Thanks
    40
    Thanked 6 Times in 6 Posts

    Jailbreak programs should now come w/ instructions on how to change your default pass alpine!
    That Thanks button is there for a reason!


  8. #48
    MMi's "X" Member awesomeSlayer's Avatar
    Join Date
    May 2008
    Location
    Dragonspiral Tower in 3DS
    Posts
    4,524
    Thanks
    114
    Thanked 347 Times in 259 Posts

    More worms? Can't these hackers just leave the iPhone and iPod touch alone?
    Asking for help is different from being stupid. Fanboys can rot in @#$%!

  9. #49
    iPhone? More like MyPhone smuggler's Avatar
    Join Date
    Jul 2009
    Location
    atlanta, ga
    Posts
    192
    Thanks
    11
    Thanked 3 Times in 2 Posts

    is the worm just effecting jailbroken iphones running openssh? the article doesn't really explain in great detail as to how an iphone is vulnerable to the attack
    Computers in the future may weigh no more than 1.5 tons.
    - Popular Mechanics, 1949

  10. #50
    Super Duper Moderator blkcadi's Avatar
    Join Date
    Aug 2008
    Location
     Valley of the Sun, ARIZONA ♥♥♥
    Posts
    30,409
    Thanks
    3,700
    Thanked 9,607 Times in 5,895 Posts

    ^ yes, actually I was reading on another forum today and a guy had posted screenies of his virus infested phone. This is for real people. Take heed.

  11. #51
    Theme Creator
    Join Date
    Apr 2008
    Location
    In a state of confusion
    Posts
    1,144
    Thanks
    514
    Thanked 645 Times in 424 Posts

    Quote Originally Posted by KartRacer View Post
    Actually they need the TV to fall on their head, so to speak.
    Way to contribute guys. It must be nice to have never been a noob yourselves. I now know who to go to whenever I don't have an answer.



    Where's the Bull$!t smiley when i need it.

  12. #52
    szr
    szr is offline
    iPhone? More like MyPhone szr's Avatar
    Join Date
    Aug 2009
    Posts
    293
    Thanks
    111
    Thanked 23 Times in 19 Posts

    Another thing one can do to pretect one self (in addition to disabling SSH when it's not needed and possibly switching off password auth in favor of key based auth) is to edit the /etc/ssh/sshd_config file on the device and uncommand/change the 'Port' setting.

    Be default an SSH server usually listens on tcp port 22, but you can change that to, say,
    Code:
    Port 522
    Th reason this is safer is that Viri like this new worm look for running ssh servers using the default port, 22.

  13. The Following User Says Thank You to szr For This Useful Post:

    1hihum (11-23-2009)

  14. #53
    Super Moderator Cer0's Avatar
    Join Date
    Apr 2008
    Location
    MN/WI
    Posts
    13,999
    Thanks
    388
    Thanked 1,141 Times in 891 Posts

    Quote Originally Posted by szr View Post
    Another thing one can do to pretect one self (in addition to disabling SSH when it's not needed and possibly switching off password auth in favor of key based auth) is to edit the /etc/ssh/sshd_config file on the device and uncommand/change the 'Port' setting.

    Be default an SSH server usually listens on tcp port 22, but you can change that to, say,
    Code:
    Port 522
    Th reason this is safer is that Viri like this new worm look for running ssh servers using the default port, 22.
    Thank you I was wondering this the other day; just changing the port to a different one.

  15. #54
    What's Jailbreak? mwo2616's Avatar
    Join Date
    Apr 2009
    Location
    Dallas area
    Posts
    10
    Thanks
    1
    Thanked 1 Time in 1 Post
    Quote Originally Posted by madczech View Post
    True that!

    Or just uninstall openssh!!


    Already done that!

  16. #55
    iPhone? More like MyPhone ifonemaniac's Avatar
    Join Date
    Sep 2008
    Location
    U.S.
    Posts
    165
    Thanks
    31
    Thanked 22 Times in 16 Posts

    Quote Originally Posted by Risingstar View Post
    willing to bet any money that Apple is making these bugs.
    Please dont get rota started... :-p J/k rota much love

  17. #56
    iPhoneaholic xwinger's Avatar
    Join Date
    Jul 2008
    Location
    Calgary, Canada
    Posts
    470
    Thanks
    39
    Thanked 26 Times in 24 Posts

    too bad my iphone is broken
    I am not a jailbreak n00b
    I like to drink iPhoneahol...
    Circa 2008

  18. #57
    iPhone? More like MyPhone
    Join Date
    Oct 2007
    Posts
    111
    Thanks
    2
    Thanked 3 Times in 3 Posts

    this is what showed up on her first gen iphone lastnight, her phone is unlocked and the ssh password was changed from alpine over a month ago...crazy right. Im glad mine is ok, so i had to do another restore for her at like 12:30


+ Reply
Page 3 of 3 FirstFirst 123
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts