
iPhone Welcomes A Worm

Contributor:
David Silversmith

If you’ve got a jailbroken iPhone, it's time to become vigilant.  A worm, originating in Australia, is targeting iPhone owners who have not changed the default password after installing SSH. The worm’s behavior is somewhat amusing - not dangerous - but who knows what comes next?

If you have not jailbroken your iPhone or iPod Touch and installed SSH, then you are not affected.  So you are covered and need not worry.

Even if you get the worm, its behavior is silly - all it does is change your background to a photo of Rick Astley and then look for other phones on the network that it can infect. That said, the exploit could easily be used by hackers with malicious intent for more nefarious purposes.

On jailbroken iPhones, SSH is installable with a package from Cydia that allows you to connect to your phone and make changes to the filesystem. You connect by logging in as the root user with the default password "alpine." After installing SSH, it is always recommended that you change "alpine" to a password of your choosing. So this hack can only affect people who have a jailbroken phone, installed SSH and chose not to change the default password -- no one else.

Basically, once your phone is infected, the worm starts looking for other iPhones on the cellular network that use the root:alpine combination. Once it finds another vulnerable iPhone, it installs itself and begins the process again... and again... and again.

Sophos writes of the exploit:

SophosLabs is analysing the worm’s code, which suggests that at least four variants have been written so far. One of the attributes of the latest variant (labelled the “D” version) is that it tries to hide its presence by using a filepath suggestive of the Cydia application.  The source code is littered with comments from the author suggesting the worm has been written as an experiment. One of the comments berates affected users for not following instructions when installing SSH, because if they had changed the default password the worm would not have been able to infect them.

This hack originated in Australia, the home country of ikee, who is alleged to be the author. A gentleman by the name of JD held an interview with the hacker over IRC and posted it to his blog. According to ikee, in both the interview and some of the comments in his code, this was more of an experiment than anything else. In addition to changing your background, the worm disables inbound SSH, which is a good thing. If SSH were left turned on, a similar worm could follow along but conceivably do much more damage.

In general, Apple devices like Macintoshes have been the least impacted by viruses. It's long been disputed whether that is due to better security on these devices or the fact that they have a smaller user base and thus are less valuable for hackers to attack. The popularity of the iPhone certainly changes this equation and, from the perspective of a hacker, makes the iPhone a desirable target.
