11-09-2009, 10:25 AM

From BBC News:

Quote:

The first worm to infect the Apple iPhone has been discovered spreading "in the wild" in Australia.

The self-propagating program changes the phone's wallpaper to a picture of 80s singer Rick Astley with the message "ikee is never going to give you up".

The worm, known as ikee, only affects "jail-broken" phones, where a user has removed Apple's protection mechanisms to allow the phone to run any software.

Experts say the worm is not harmful but more malicious variants could follow.

11-09-2009, 11:32 AM

I read on another site that this exploit occurs when these two conditions are met:

1) a jail-broken iPhone

2) SSS installed with the default password unchanged

"What needs to be stressed, though, is the fact that the ikee worm only affects jailbroken iPhones running the SSH app with the default password, which represents a very small percentage of the total number of iPhones out there." from pcworld.com

Mike

11-09-2009, 01:12 PM

Interesting. I guess any time there's a blip on the security screen of an Apple product, the media makes all kinds of fuss before they have their facts straight.

11-09-2009, 02:17 PM

Quote:

Originally Posted by mjfleck2000

I read on another site that this exploit occurs when these two conditions are met:

1) a jail-broken iPhone

2) SSS installed with the default password unchanged

"What needs to be stressed, though, is the fact that the ikee worm only affects jailbroken iPhones running the SSH app with the default password, which represents a very small percentage of the total number of iPhones out there." from pcworld.com

Mike

Correct, the 2 conditions above are a pre-requisite for the malware to be successful.
Bad thing is that people only remember 2 words from the whole article and that is .... " iPhone hacked "
What people do not read is that existing security controls needed to be broken first ..... deliberately ... it was only a matter of " when " , not " if ".

Cheers ... McBie

11-09-2009, 05:21 PM

Quote:

Originally Posted by cwa107

Interesting. I guess any time there's a blip on the security screen of an Apple product, the media makes all kinds of fuss before they have their facts straight.

Probably because people don't associate malicious programs with Macs (or Apple, or MACS), so whenever anything is brought up that an Apple device has been infected or has been "hacked", everyone goes bonkers. At least that's what I think.

11-10-2009, 12:37 PM

I got my iPhone infected by this worm two days ago. It was weird as I didn't expect something like this to hit the iPhones. Oh well, another lesson to look at security!!

11-10-2009, 12:47 PM

Quote:

Originally Posted by wantedinc

I got my iPhone infected by this worm two days ago. It was weird as I didn't expect something like this to hit the iPhones. Oh well, another lesson to look at security!!

Do note that this wouldn't have happened if you were running the stock software. It's important to note that when you subvert the intent of the OS engineers, you accept a degree of risk. In this case, someone capitalized on sloppy work by the jailbreak author, resulting in a security breach.

11-10-2009, 01:07 PM

For anyone whose interested in how to change your password...

Fix for Worm on Jailbroken iPhone/iPod Touch, Change Default OpenSSH Password

11-11-2009, 08:39 AM

Yeah I realize it.. Ive finally upgraded my firmware to 3.1.2, so no more worms(hopefully).

But there are some irresistible things about custom software.

11-11-2009, 09:04 AM

Quote:

Originally Posted by cwa107

Do note that this wouldn't have happened if you were running the stock software. It's important to note that when you subvert the intent of the OS engineers, you accept a degree of risk. In this case, someone capitalized on sloppy work by the jailbreak author, resulting in a security breach.

This is o so true in a lot of cases.
issue being that people do not have a " risk management " mindset when it comes to computing devices ( as a general term ).
Everybody knows you need car insurance and protection against fire, but the risks inherent with your electronic identify are overlooked.

People sacrifice risks for the sake of ' usability ', without thinking.
It happened 50 years ago, it happens today and it will happen again tomorrow.

If people think technology is going to solve their security problems, then they don't understand the technology and they don't understand the problems.
IT Security is more about people and their behavior then it is about machines and their settings.

Just my 2 cents.

Cheers ... McBie

11-11-2009, 12:51 PM

I always thought things like this was expected when you jailbreak a device. Maybe if you didn't mess with the iphone OS you wouldn't get problems?

11-25-2009, 01:38 PM

Shouldn't be news imo. Phones have always been getting viruses, the iPhone is no different, especially if you compromise the security of the phone by jailbreaking it.

Well, time to change the root password :p.

11-25-2009, 02:15 PM

Quote:

Originally Posted by cwa107

From BBC News:

BWAHAHAHAHAHAAHAHAH!

11-26-2009, 06:10 PM

I got my iPhone 2 weeks after it came out (the first one). It now runs 3.1 software in europe. Never had any issues with it so not impressed of seeing this.

- Lex