November 23, 2009 7:09 AM PST

Another iPhone worm, but this one is serious

by Don Reisinger

Another iPhone worm has been spotted in the wild.

Unlike the previous exploit, which merely changed a jailbroken iPhone's wallpaper to a picture of Rick Astley of "Rickrolling" fame, this new threat allows hackers to steal sensitive information.

According to security firm Sophos, which wrote about the exploit after a Dutch ISP spotted it late last week, the worm attacks jailbroken iPhone and iPod Touch devices only.

The worm "uses command-and-control, like a traditional PC botnet," Sophos wrote in a blog post on Saturday to warn users about the exploit. "It configures two startup scripts, one to execute the worm on boot-up, and the other to create a connection to a Lithuanian server to upload stolen data and cede control to the bot master."

Jailbreaking, which has been around for about two years, is a hack that enables iPhone and iPod Touch users to download applications unavailable through Apple's App Store.

Sophos wrote that the worm attacks users on several ISPs, including UPC in the Netherlands, Optus in Australia, and T-Mobile in several countries worldwide. Worse, the worm spreads faster on a Wi-Fi connection than a 3G connection. Users with affected devices might notice extremely short battery life while on Wi-Fi. According to Sophos, that's mainly due to the worm engaging in "so much network activity."

When a device is infected, it's assigned a unique number so that the attackers can easily pinpoint a single device. The worm also looks for authentication systems that use SMS, better known as mTANs. mTANs are frequently used by banks that send an SMS message with a password to mobile phones, allowing people to log in to their online accounts, Sophos wrote.

In essence, this threat is serious.

Sophos recommends that people with infected iPhones and iPod Touch devices restore them to Apple's most recent firmware update. For now, there is no other way to fix the problem.

Don Reisinger is a technology columnist who has written about everything from HDTVs to computers to Flowbee Haircut Systems. Don is a member of the CNET Blog Network, and posts at The Digital Home. He is not an employee of CNET. Disclosure.

by davidwarren November 23, 2009 7:22 AM PST
Or just change your SSH password from the default "alpine" to something else. Open mobile terminal and use the command passwd. Pretty easy fix.
by chedlin November 23, 2009 9:52 AM PST
This is an easy fix if you also change the root password. I chose to change my password, and then I disabled root ssh access by editing /etc/ssh/sshd_config. This should be the default configuration when you install ssh, and it should require you to change the mobile password before activating ssh.
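The sshd_config change described in the comment above can be checked with a short script. This is an added example, not part of the original article or comments: the function names and the two sample configuration files are constructed for illustration, and only the global section of the file is read (`Match` blocks are not evaluated).

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for root login.

# effective_sshd_option FILE KEYWORD
# Prints the value sshd would use for KEYWORD in the global section.
# Keywords are case-insensitive, the FIRST occurrence wins, "#" lines are
# comments, "Key=value" is accepted, and a "Match" line ends the global
# section. Prints "unset" when the keyword does not appear.
effective_sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        /^[ \t]*#/ || NF == 0 { next }
        { sub(/[ \t]*=[ \t]*/, " "); key = tolower($1) }
        key == "match" { exit }
        key == want { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd_config FILE
# Returns 0 only when root SSH login is explicitly disabled.
audit_sshd_config() {
    root_login=$(effective_sshd_option "$1" PermitRootLogin)
    pw_auth=$(effective_sshd_option "$1" PasswordAuthentication)
    # PasswordAuthentication defaults to yes when it is not set.
    case $pw_auth in
        no) echo "OK   password logins disabled" ;;
        *)  echo "NOTE password logins enabled: every account needs a non-default password" ;;
    esac
    case $root_login in
        no)    echo "OK   PermitRootLogin no"; return 0 ;;
        unset) echo "WARN PermitRootLogin not set: the build's default applies"; return 1 ;;
        *)     echo "WARN PermitRootLogin $root_login: root can still log in over SSH"; return 1 ;;
    esac
}

# Constructed sample files (not taken from a real device).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# "weak": a later "no" was appended, but the earlier "yes" is what counts.
cat > "$SAMPLE_DIR/weak" <<'EOF'
# constructed sample
Port 22
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
EOF

# "hardened": root login disabled; password logins remain for other accounts.
cat > "$SAMPLE_DIR/hardened" <<'EOF'
# constructed sample
permitrootlogin = no
PasswordAuthentication yes
EOF

for name in weak hardened; do
    echo "== $name"
    audit_sshd_config "$SAMPLE_DIR/$name" || echo "-> $name: root SSH login is not disabled"
done
```

The weak sample shows why appending `PermitRootLogin no` to the end of an existing file is not enough when an earlier `PermitRootLogin yes` line is still present.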
by DumbMacUser1 November 23, 2009 11:00 AM PST
Serves them right for wasting good money on iCrap garbage from crApple.
And let's get one thing straight; we all know who wrote this worm/virus, since certain racist criminal crook$ are obviously above the law and free to commit any act of felony/misdemeanor they want...
by Yelonde November 23, 2009 2:53 PM PST
@ DumbMacUser1
lol, you idiot. The worm only affects jailbroken iPod Touches and iPhones, (which is not supported) which means that the vast majority of iPhones and iPod touches will not be affected.
Oh, and BTW, you never were a mac user. You were always a PC Ballmer Koolaid drinking fanboy :)
Thank you for making yourself look like an idiot on cnet ^^
by Mergatroid Mania November 23, 2009 3:23 PM PST
Yep, no matter how much I would like to, you can't blame this one on Apple.
Since it's only affecting jailbroken phones, and Apple doesn't support that, it's hardly their fault.
by DumbMacUser1 November 23, 2009 4:16 PM PST
Regardless, it is still iCrap garbage.
It's either crApple stealing all your personal data on your iCrap or someone else.
Either way, they are both criminal crooks, and the victims are nincompoops who program your credit card numbers to their children's iCrap and give it to them to buy all the Fart Programs and iGarbage they want from crApple.
[CNET editors' note: Personal attack deleted.]
by Amzer0 November 24, 2009 2:07 AM PST
Wow, did someone get a Mac dropped on them as a kid?
by Yelonde November 25, 2009 8:53 AM PST
So... You honestly believe that apple is stealing personal information? What next? Aliens are trying to break into your mind to read your deepest thoughts? Paranoid much?
Apple does not give a crap about you, FYI. There are other people (customers) that they would rather support, and take care of.
by kool_skatkat November 23, 2009 7:33 AM PST
You'd think that the jailbreaking tool creators would at least make it safe for their users and automate the process. Unless their focus is not more security but less security if it provides more freedom.
If you lose money after jailbreaking your phone, do you get to sue the author of the tools?
by eyepoker November 23, 2009 8:48 AM PST
doubt it... you are jailbreaking your phone after all and doing it for free.
I think this is an important article not just for alerting iPhone users but for other mobile device users as well. The key takeaway is the part about listening for MMS messages for code/passwords sent to the device from a bank. Mobile devices are a very attractive target for abuse by virus writers as security is not something that people think of when they think about their phone. Makes me want to get an anti-malware app for my own device.
by Stormspace November 23, 2009 7:36 AM PST
If SSH is such a problem for iPhones, why not all OSX machines with SSH?
by Perry_Clease November 23, 2009 7:46 AM PST
Default password
by Stormspace November 23, 2009 8:05 AM PST
Ahh. Understood.
by will_col November 23, 2009 7:37 AM PST
I know loads of people who don't like Apple's policy on controlling the App store and like to install third party apps that Apple wouldn't approve. However, you jailbreak your iPhone/iPod touch at your own risk, don't go crying to Apple or cnet when it gets infected with a worm or whatever!
At the end of the day, it's Apple's platform, hardware and OS that is on the device. They can do what they want with it. Get something else if you don't like it.
by brian.lee November 23, 2009 9:27 AM PST
It has nothing to do with Apple control and more to do with the fact that users just want their iPhone to work on other GSM networks and could care less about 3rd party apps from 3rd party code repositories. If Apple would just allow users to purchase unlocked iPhones at the FULL price then this wouldn't be such a big problem. I'm a perfect example: I travel quite a bit between different countries and I don't want to pay $1 a minute in roaming fees or 0.75cents a text message, I'd rather buy a local SIM. But I can't do that with my Carrier locked iPhone, so what I've done instead is I coughed up $650USD for a factory unlocked iPhone from Apple.
by RTFM November 23, 2009 10:13 AM PST
Similar to Windows OS that people refuse to patch then whine about it getting hacked.
Or they defeated the activation and... Arggg this ain't worth typing more.
by Gary Valan November 23, 2009 7:09 PM PST
@brian.lee, I was not aware that you could buy an unlocked iPhone from Apple? I have an iPhone from overseas that I can't use in the U.S. and I would much rather have my teeth pulled before I'll pay AT&T more money than I already do to buy yet another iPhone for when I am here. I thought I would switch to a Droid and Verizon but they are not necessarily any cheaper.
As to jailbreaking the iphone: There's not enough free time in my life to be part of a Geek War with Apple on one side and the jailbreakers on the other...the whole thing is so silly.
by iMikeNews November 23, 2009 7:41 AM PST
That only applies to the people that have ssh'ed into their ipod or iphone
by SniperAC November 23, 2009 7:43 AM PST
Nice article but how about explaining how you get this? Are they just scanning SSH ports looking for default passwords? Or is it an APP someone installed.
kool_skatkat: the "Jailbreak creator" doesn't have anything to do with the security of your phone. This is up to you once you have unlocked it and enabled stuff on your own like OpenSSH.
This article left out some details that would help the iPhone jailbreakers and with "Sophos recommends that people with infected iPhones and iPod Touch devices restore them back to Apple's most recent firmware update. For now, there is no other way to fix the problem."
it sounds more like a scare tactic than anything.
by cvaldes1831 November 23, 2009 8:31 AM PST
Nah, it's not just a "scare tactic."
If you actually read the linked article at Sophos, they point out that the default password is changed by the worm, so you can't simply SSH back in and try to clean up the damage yourself. Basically, your jailbroken device locks you out from messing with it any further.
That's why the recommendation is to restore back to a recent firmware update.
by SniperAC November 23, 2009 3:13 PM PST
It's not that I didn't read the Sophos article it's the point of if you're going to make an article of an article you give details and expand on it (unless you like creating internet article duplications with half of the information and another link that states "go here for the real report")
As for the scare tactic: You have the worm! Restore your phone! QUICK! QUICK!
I don't believe anybody with the (30 seconds of) talent to unlock their iPhone and install OpenSSH would ever keep their password the default. Nawwww never, they are way too smart...
by jinx101a November 23, 2009 7:55 AM PST
And now, for the Apple apologists.
by lkrupp November 23, 2009 8:00 AM PST
"And now, for the Apple apologists."
Care to explain how this is Apple's fault?
by Stormspace November 23, 2009 8:09 AM PST
This isn't Apple's fault. Anytime you hack a device to do something not originally intended you will have these types of issues. We can't blame Apple for a configuration issue they didn't have any control over, just like you can't blame Microsoft for viruses. People do things to make their machines vulnerable all the time.
by cloudmatt November 23, 2009 8:35 AM PST
I blame Verizon for locking down my phone's capabilities and furthermore blame them for me having to crack and unlock my phone. You are standing up for Apple for dictating what you can do with your property and directly blaming the person who wants their very expensive smart phone to do what they want it to. I agree that the user's actions open up the security hole just as I accept that Verizon might not give me support for what has been done to my phone. I still shouldn't have to crack/unlock the phone I paid for and neither should the i-Phone users.
by protagonistic November 23, 2009 9:03 AM PST
@ cloudmatt
You made the choice to sign the agreement. If you don't like the terms don't buy the plan.
by setgo November 23, 2009 9:06 AM PST
You don't have to do anything of the sort cloudmatt. It's not like Apple changed the rules on anybody. You know that when you buy an iPhone, Apple is maintaining tight control over the apps to prevent this very thing. No one is making you do anything. If your phone gets infected because you decided to jailbreak it, it's your own fault.
by cloudmatt November 23, 2009 10:02 AM PST
I didn't say you were forced just that the users are being sold and paying for devices that can do more than the parent companies will allow and that is wrong. I still take total responsibility if by my actions I mess up my service agreement and or phone but I still feel I can reserve the right to say cracking/unlocking/jailbreaking one's phone shouldn't be needed.
by Seaspray0 November 23, 2009 10:26 AM PST
"And now, for the Apple apologists."
This isn't apple's fault. I dare you to add me to that list.
by jscott418 November 23, 2009 7:58 AM PST
I would imagine these hackers who created the jailbroken software for the iPhone probably cared little about testing it or updating it for security problems. I guess you get what you pay for.
by eklectiqred November 23, 2009 8:06 AM PST
Since you obviously know nothing about jailbreaking an iPhone or iPod Touch, I'd suggest you keep your comments for yourself.
by setgo November 23, 2009 9:09 AM PST
@eklectiqred
Why should he have to keep his comments to himself? If you don't like opposing views, I'd suggest you not come to this site.
by Josh Freedman November 23, 2009 8:15 AM PST
You need to include the word Jailbroken in the headline.
This is not a worm that will affect anyone using the iphone as Apple recommends. Someday there may very well be an iphone worm that affects regular iphones. Should that occur, please title the article as you have. Otherwise, not including that fact that this is on a Jailbroken phone is pretty misleading.
by cvaldes1831 November 23, 2009 8:42 AM PST
Pageviews. It's all about pageviews. If they inserted "jailbroken" into the article headline, they'd probably have a quarter of the pageviews, maybe even less.
by gel443 November 23, 2009 8:18 AM PST
I wouldn't put it past Jobs to put this out there. The jailbreak phones have been a pain in his side since the phone came out. Can't think of a better way to make people afraid to break the phones. Just my two cents
by protagonistic November 23, 2009 9:05 AM PST
I doubt that Steve could care less about jail breaking iPhones. It just means more sales for him. Now AT&T may be another matter all together.
by setgo November 23, 2009 9:14 AM PST
You got that right gel443. Your comment is worth about two cents. I would suggest that you really think about what you posted, but the more a dufus like you thinks about it, the more sense it would make to you. But I think that you should know that the world's top CEO is not going to jeopardize his company by putting out a virus. SMH
by Vegaman_Dan November 24, 2009 8:52 PM PST
As stupid as I think this would be for Apple to do, it isn't entirely out of the realm of possibilities. Apple already has tried to link jailbreaking your iPhone/Touch to be akin to international terrorism, so... who knows?
by wellhungcow November 23, 2009 8:20 AM PST
I find the title of your story misleading. The worm you describe as you yourself state attacks JAILBROKEN iPHONES, and yet you state that you have found another worm on iphones. Secondly you state that there is ANOTHER worm on the iphone what you probably want to state is that there is ANOTHER WORM FOR A JAILBROKEN iPHONE.
The difference between the two ways of stating this story will affect the value of the iphone brand. It may even cause minor fluctuations in the stock market price of apple shares. Your portfolio of stocks should be investigated to check whether you are using your misleading stories to profit from them. That would be the dirtiest form of journalism you could indulge in.
You probably aren't able to do real journalism and hence are reduced to using sensationalist headlines to get web hits to boost up your numbers. Shame on you.
by jcmark42 November 23, 2009 8:29 AM PST
If you've jailbroken your iPhone/iPod Touch, you should be able to secure it yourself or find the information online. If you don't know what you are doing and just had a buddy do it for you then it's your own fault.
In other words, use at your own risk for free items. It is no one's fault but your own.
by DrtyDogg November 23, 2009 4:58 PM PST
True words, people need to take responsibility for their actions. If you want to jailbreak your iPhone, do so, but you are responsible for any negative side effects as a result of that choice.
by jyar727 November 23, 2009 8:45 AM PST
Apple created the worm to discourage people from jailbreaking and encourage them to install their firmwares.
by cloudmatt November 23, 2009 8:50 AM PST
I'd ask you how your tinfoil hat fit but maybe I should break out some Reynold's wrap myself.
by shuyin84 November 23, 2009 10:12 AM PST
HEY, THOSE HATS ARE COOL!!!
by ClaBR November 23, 2009 8:47 AM PST
People with jailbroken iPhones can't blame Apple for the security problem, just as the many victims of the Conficker virus that got it on Windows because they had Automatic Updates disabled to avoid the WGA, or people who have issues with modded Wii's, XBoxes, etc.
by woggs123 November 23, 2009 8:49 AM PST
Pure sensationalism. Go over to Gizmodo to see the reasonable, intelligent report that this should have been. http://gizmodo.com/5410732/new-jailbroken-iphone-worm-wants-your-bank-details
by November 24, 2009 1:02 PM PST
Thank you for posting that link. I knew I should have just gone to Gizmodo to get the real scoop.
by Soul of Wit November 23, 2009 10:00 AM PST
To sum up, this worm affects ONLY those who have:
1. Jailbroken their iPhones
2. Enabled SSH (many who jailbreak do not do this)
3. Left the default password as is (really, really stupid)
This sounds no more serious than the previous worm. If, like me, you define "serious" as being a threat to most iDevice users.
CNET: for the entertainment value of reading the comments.
by shuyin84 November 23, 2009 10:11 AM PST
Another fix is to just not jailbreak your iPhone, sounds simple enough eh?
by davidmcelroy_dotmac November 23, 2009 10:40 AM PST
Your headline is misleading and irresponsible. Let's put this into perspective. Let's say we're talking about a car that was being modded to be unsafe. Let's say that Honda, for instance, made a car that was perfectly safe. Let's say that there was a small community of car enthusiasts who discovered that if they modified the engine in a radical way, they could get the car to do things it wasn't designed to do, but it also might blow up. Let's say that Honda warned people NOT to do this thing, but people were doing it anyway and some of them were potentially getting hurt. Would you reasonably or rationally have a headline about how the Honda was an unsafe car or a headline talking about problems for Hondas? No. You wouldn't. Because the fault would lie with the owners of a relatively small subset of users who were doing something unsafe.
Instead of doing the responsible and honest thing, you're writing a headline that makes it appear that there is something dangerous attacking iPhones, which just isn't true -- as long as you are using the thing as designed. An honest headline might be, "Yet another reason not to jailbreak your iPhone," or even, "Users discover another security risk in unauthorized iPhone mods." There are plenty of honest and accurate approaches. But ANY approach to the headline that makes it appear this is a problem for a normal, everyday iPhone user is a lie. And it's really bad journalism.
by Maclover1 November 23, 2009 10:50 AM PST
"but this one is serious"
Stupid is as Stupid does. This is just like those Mac users that downloaded a pirated copy of iWork only to get a trojan from it.
Don't like the way Apple locks down the phone, get a Droid.
by Synthmeister November 23, 2009 3:19 PM PST
Thank you for the perfect comment on this sorry mess. If people want to Jailbreak their iPhones, that's great, I have zero problem with that, as long as they aren't pirating apps or hijacking my local cell phone tower.
But then they get upset that their own jailbreaking enabled a malicious exploit of their iPhone?
And yes, Apple makes over $600 off of each iPhone whether you jailbreak it or not. And they will continue to push out OS updates, hardware updates and app updates whether you jailbreak it or not. If you don't care, great! If you do care, don't complain after you jailbreak the phone and start to have "issues."
by rapier1 November 23, 2009 10:50 AM PST
Why I love the walled garden. The outside world is scary after all.