Yet Another Worm Exploit On Jailbroken iPhones That Steals Personal Data

Another iPhone worm uses rickroll exploit to extract private files

Close on the heels of the iKee virus attack that rickrolled jailbroken iPhone users earlier this week comes yet another worm that exploits the same security hole, except that this one is much more dangerous.

Intego, a Mac security software company, has revealed that the worm, called iPhone/Privacy.A, works very much like the iKee virus. It scans the neighborhood for jailbroken iPhones that have SSH installed with the default "alpine" password, and once a vulnerable iPhone is detected, it is attacked to extract every kind of data the owner has stored on it. Explaining this, the Intego blog notes:

"This tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app"

Unlike with the earlier iKee virus, the iPhone owner in this case never learns that their privacy has been compromised, as the worm leaves no traces behind after the attack.

Most of us use our iPhones to store not just data relating to our personal lives but also a lot of confidential business information. Such exploits could have serious implications for users whose iPhones are attacked. If your iPhone is vulnerable to this worm, do not forget to change your password by following the steps given here. You might never know when your iPhone is attacked.
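To see whether your own jailbroken iPhone is answering on SSH at all, the check below opens one TCP connection to port 22 and reads the server's identification line, without attempting any login. It is an added example, not code from Intego or from this post; the function names and the address you pass in (your phone's Wi-Fi IP, shown in Settings) are assumptions.

```python
import socket
import sys


def check_ssh_exposure(host, port=22, timeout=3.0):
    """Return (reachable, banner) for one device you own.

    reachable: True if a TCP connection to host:port succeeded.
    banner:    the "SSH-..." identification line, or None if the
               service did not introduce itself as SSH.
    No authentication is attempted.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return (False, None)          # closed, filtered, or host offline
    data = b""
    with sock:
        sock.settimeout(timeout)
        try:
            # An SSH server sends its identification line first.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass                      # port open, but nothing was sent
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return (True, line if line.startswith("SSH-") else None)


def verdict(host, port=22, timeout=3.0):
    """Turn the probe result into advice matching the article."""
    reachable, banner = check_ssh_exposure(host, port, timeout)
    if not reachable:
        return "SSH not reachable: this exposure does not apply"
    if banner is None:
        return "port open but not SSH: investigate what is listening"
    return ("SSH server answering (%s): change the root and mobile "
            "passwords from the default, or remove OpenSSH" % banner)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_ssh.py <ip-of-your-own-iphone>")
    print(verdict(sys.argv[1]))
```

Run it from a computer on the same Wi-Fi network as the phone, with the phone awake.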

[via Intego Blog]



Comments:



23 Responses to Yet Another Worm Exploit On Jailbroken iPhones That Steals Personal Data

  1. katsuboi says:

    So…I never installed SSH, I use iphonebrowser, should I be worried? I don't recall having any passwords for it.

  2. DistortedLoop says:

    Wrong! Read the actual Intego blog post on this. This is NOT a worm floating around from iPhone to iPhone, like the Ikee worm was.

    This is a hacker tool that hackers put on some computer, that scans network IP ranges looking for iPhones that have ssh open and if they do, tries the default password. What Intego's software does is scan your computer to see if it's on your computer, that's it. The only way this would get on a computer is if someone with the admin password installed it, making Intego completely useless unless you're some kind of network admin looking at your internal users doing prohibited things.

    To @katsuboi – correct, you are not at risk at all if you've never installed SSH.

  3. DistortedLoop says:

    oops, didn't finish my thought: this isn't a worm, but it does look for the same exploit as the worm (open port 22, default password).

    Anyone with a Mac or Linux computer can do the same thing with just Network Utility and the Terminal. Do a port scan of a network, log in with common username and password combos.

    This isn't news at all, any computer (or iPhone) that opens network ports and doesn't use secure passwords is just asking for someone to login and peek around for anything interesting.

    Same thing for the uninformed that leave their wireless routers at home or the office open to all and don't even change the router passwords.

  4. andrew says:

    you see what this IKEE mother fucker did? now we're all screwed. fuck you ikee. it opened up the door to any hacker that wants to screw with others' technology.

  5. heffrey says:

    What if we just turn off SSH before going onto a public network?

  6. majorbb100 says:

    exactly. ikee only wanted to prank people with this security flaw but what he did is show all the evil people how to steal information. stupid dumbass, think before you do stuff like this.

  7. Ninnypoo says:

    Yes, but if you know about a hole/flaw and don't fix it, then you have no one to blame but yourself

  8. Bnort says:

    Or just change the default SSH password…leaving default pwords no matter what the device is ridiculous.

  9. mike says:

    i think apple is paying some programmers to do this in order to break down the jailbreak community and prove that jailbreak is unsafe

    but they will not win!!!!!!

  11. muphinDOTnet says:

    I brought this up on a few forums a few months ago. I was scanning my local network and found all these IPs with ssh open, then I realised it was the iPhones. I have found that while the phone is NOT in use the ssh service is inaccessible, but when it's in use you can access the phone.
    There are limits, but in a public place a well-configured script can dump all the data from the iPhone to someone's laptop, such as at a concert or shopping mall.
    So watch out, either disable SSH, or change the password.

  12. jorge says:

    I agree with you mike, apple is behind all this to stop people from jailbreaking, but it won't work

  13. John says:

    This is stupid. There should be hundreds of this kind of worm to hack stupid people's phones. Come on, will you lock your house and leave the key outside? Then why leave the default password for the SSH?

  14. Cakep says:

    How do i know if i have that ssh thing? I used blackrain to jailbreak my iphone 3gs. Pls enlighten me. thank u

  15. K.Rock says:

    I don't blame ikee. Just imagine if he didn't do the prank. How long and how many iPhones would be compromised?

    If SSH was installed and then removed, am I at risk?

  16. muphinDOTnet says:

    To CLARIFY all you who aren't sure you have SSH installed.
    Rule of thumb is you don't, unless you have cydia installed (which is a hacked-up version of apt-get).
    If you are still unsure, download PuTTY (use Safari on your iPhone and go to http://www.whatismyip.com) and, using PuTTY, connect to SSH port 22 using the IP you found earlier. If you cannot connect then you're secure.

  17. Mangara says:

    Awww come on! This is just common sense. Why would Apple bother with such a tiny matter as the default root/mobile passwords?

    Someone just used people's ignorance to create a simple utility.

  18. Mangara says:

    If you don't install Open SSH nor Mobile Terminal, you don't have to worry. But come on! Are you of those ppl who buy a new pc/mac and when asked to provide a password, do you leave it blank? Please tell me where you live and where do you hide the spare key…

  19. Sven says:

    Sorry for being nooby, but I can't delete Mobile Terminal after I changed my password. The cross in the upper-left corner which usually appears, doesn't appear. How can I still delete Mobile terminal?

  20. Sven says:

    found it… Go to Cydia find Mobile Terminal again and modify and remove.

  21. Davo says:

    Well, technically you're always on a public network, i.e. your phone provider's network.

    Every other phone/device on the network can access your iphone, and if you have openssh and the alpine default password set, you're an easy target (This is exactly what Ikee's worm did)

    The fact of the matter is, jailbreaking is so easy now, that there's users out there who don't understand what they're actually doing with their device, and therefore, sacrifice the security of their device in the process.

    IMO, People who hadn't changed their iphone's default root password immediately after jailbreak, should be thanking Ikee for the advanced warning (even if they didn't heed the advice)

    Don't blame Ikee for other more sinister hackers' attacks. ssh'ing to someone's iphone and entering the default root password isn't exactly genius, and many hackers' eyes certainly weren't opened by Ikee's actions!!!

    It's very likely people's iphones were being hacked well before Ikee did anything about it!
