Some Jailbroken iPhone users in Australia have been the first to be infected by the very first iPhone worm. The origins of the worm appear to be from Australia, as they're the first to report problems, getting rickrolled, a famous Internet meme, except this changes the wallpaper to Rick Astley.Any Jailbroken iPhone that have not changed their default password from ‘alpine' once installing SSH, are vulnerable to the worm. The worm is so far harmless, but after one user held an iPhone ransom for €5, the possibilities for a full wide spread attack against SSH Jailbroken iPhone's could be at serious risk.
The attack leaves the users wallpaper to a picture of Rick Astley with the words "ikee is never going to give you up", lyrics from the famous 80's song, with the worm creator calling himself ‘ikee', later to be revealed as ‘ikex'.
After a closer look into some of the code, the creator left many comments and we can see why he wrote the code,
"Why?: Boredom, because i found it so stupid the fact that on my initial scan of my 3G optus range i found 27 hosts running SSH daemons, i could access 26 of them with root:alpine. Doesn't anyone RTFM anymore?"
Jailbroken users should change their default password from "alpine" by going into Cydia and installing the MobileTerminal app and use the passwd command to change their password.
Do a little more research neowin, he doesn't deserve any credit for this
Yeah my mistake mate, It's early morning here (4am in Sydney) and I've been hearing about this douche all day since this happened, so I let my nerd rage get the better of me
Either way he is an utter douche for stealing the code then trying to make a name for himself by pimping himself out to the media, I know the police have been contacted about the case as well by several people to tip them off, hopefully he gets the justice deserved
(For the record I HATE the iPhone, but I hate douches like this even more)
Correct. It's a non issue even if you do have ssh installed provided you arent an idiot and change the root password, which everyone knows by now.
To be honest, if you're tech savvy enough to install SSH on your phone, you should have the brains to change the root password - you wouldn't let your computer/server have a root password which is known by millions, so why let your phone have one.
Granted, it isn't Apple's fault when people hack their phones open. At that point the user has to take responsibility for their phone's security.
This worm isn't spreading due to an "exploit" per-say. It is spreading because of users who haphazardly Jailbreak their phone and don't read all the documentation on what it is they are installing.
Than please explain your definition of what is considered news. almost 95% of iPhone jailbreak users do not change their password.
(Ok, so who else has a conspiracy theory? Someone should come up with one about aliens or something.)
How can it be related to apple negatively? This is for jailbroken iPhones, not regular ones (It isn't news worthy, but your view is just ridiculous).
I should have added a /s to that. I don't think this can be pinned on Apple in any way negatively. But it will and does happen. Not so much by the people covering the news, but rather by the people that comment.
Why is his "view" just ridiculous to you? Fact: This can (and frankly, is) be related to Apple negatively (misconstrued or otherwise) and that is why it is in the news. Stating something that makes completely rational sense is not ridiculous.
Granted, it isn't Microsoft's fault when people install 3rd party software on thier OS. At that point the user has to take responsibility......
This metaphor would be true if the 3rd party software also enabled remote desktop with administrator access and a well known password. In addition, this has nothing to do with Microsoft. Not sure why you mention them unless you're trying to turn this mud slinging fest between drones.
SSH is the preferred method by most to browse/edit the iPhone FS however.
I realize that except the article makes it out like if you jailbreak change your password, that isn't the case.
(when you drop them, really, really hard)
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.