Sophos Finds New Malicious Bot-Creating iPhone Worm
Of the ones we reported on recently, the first was a little on the lame side, although it forced you to restore your iPhone if you didn't want to pay a 5 euro "blackmail fee." The second was just plain silly, more of a proof of concept: all it did was "rickroll" your iPhone. A third iPhone worm uploaded your iPhone data to a site, and this new one is along the same lines.
The reason these worms only attack jailbroken iPhones is that if you jailbreak your device and do not change the default password, anyone can get into your iPhone over SSH. This is because the default root (SU) password is the well-known "alpine." In fact, to become infected, an iPhone has to satisfy all of the following conditions:
- The iPhone must be jailbroken
- SSH must be enabled (on)
- The root superuser (SU) password has not been changed from "alpine"
People jailbreak their iPhones to get access to features and functionality that Apple won't allow in the App Store. By doing so, however, they open this security hole, which is easily closed by following these steps to change the SU password:
- Install the MobileTerminal package from Cydia.
- Run the app (named Terminal on your iPhone screen).
- Type "su root" without the quotes and touch return.
- Type the root password "alpine" (without the quotes) and hit return. You are now logged in as root.
- Type "passwd" (without the quotes) and hit return.
- Enter your new password. The characters won't be echoed to the screen, not even as "*", BTW. Hit return; you will be prompted to re-enter the password.
- Enter the new password again; hit return.
- Type "exit" and touch return.
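To confirm the change took effect, the check below is an added example (not from the original article or from Sophos). It scans a master.passwd-format file and lists every account, not only root, whose password field still holds the default hash. The hash constant is the commonly published crypt(3) value for "alpine" and is an assumption here, as are the function names and the sample data.

```shell
#!/bin/sh
# Added example: find accounts that still carry the factory-default password.

# Assumption: commonly published crypt(3) hash of the default password "alpine".
DEFAULT_HASH='/smx7MYTQIi2M'

# Constructed sample in master.passwd layout (not copied from a real device).
sample_master_passwd() {
    cat <<'EOF'
# name:hash:uid:gid:class:change:expire:gecos:home:shell
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
}

# Print the name of every account whose hash field equals the default.
# Comment lines and malformed lines are skipped.
default_pw_accounts() {
    awk -F: -v h="$DEFAULT_HASH" '
        /^#/ || NF < 2 { next }
        $2 == h { print $1 }
    ' "$1"
}

# Exit status: 0 = clean, 1 = at least one default password, 2 = unreadable.
audit_passwd_file() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    hits=$(default_pw_accounts "$file")
    if [ -n "$hits" ]; then
        for u in $hits; do
            echo "DEFAULT PASSWORD: $u (fix with: passwd $u)"
        done
        return 1
    fi
    echo "no account uses the default hash"
    return 0
}

# On the device, as root:  audit_passwd_file /etc/master.passwd
```

Any account the check reports can be fixed by running passwd for that account name while logged in as root.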