Personal Data Compromised by iPhone Worm

Jailbroken iPhones have been attacked again. iBotnet.A is the latest in a string of attacks to exploit the root password common to iPhones running SSH. The only way to insure security (besides NOT jailbreaking your iPhone) is to change your root password.

iBotnet.A (also known as Ikee.B or the "Duh" virus) spreads from iPhone to iPhone across the network sending personal data to a server located in Lithuania. Address ranges from service providers in Portugal, Hungary, Australia and the Netherlands have been targeted.

Malware Secretly Copies Private iPhone Data

Only days after the ikee worm was unleashed on Australian iPhone users a tool has been discovered that steals private data from jailbroken iPhones. iPhone/Privacy.A is a malware tool that runs on computers (or on an iPhone) and scans the Wi-Fi network for vulnerable iPhones.

After discovering and accessing the devices in range it copies all private data including SMS messages, videos, email, calendars, music, photos and all other app data to the computer. The program does all this without ever making the iPhone user aware of its intrusion.

Ikee Virus Infects Australian iPhones

Rickrolling has finally made it to the iPhone. The first known iPhone worm has been released in Australia, spreading from phone to phone over the network. Only jailbroken iPhones running SSH with the default root password are affected.

iphone worm ikee

The ikee worm exploits this security weakness to infiltrate the iPhone file system and search for other jailbroken iPhones in the vicinity. The malware also changes the lockscreen wallpaper to a photo of 80s pop icon Rick Astley with the message "ikee is never going to give you up."

How do I change my iPhone root password?

Jailbreakers everywhere should be aware that the default root password from Apple is "alpine" and presents a security threat if SSH is installed. SSH can be uninstalled or switched off when not in use, however changing the password once will solve the problem.

To change your root password and help prevent unauthorized access to your iPhone:

1. Connect to your iPhone using SSH on your computer.
2. Type 'passwd' without the quotes at the command prompt and press return.

Apple iPhone Firmware 3.0.1 Available Now

Apple has released version 3.0.1 of the iPhone OS software. This fixes the recently revealed SMS security flaw. The security hole was illustrated on Thursday by Charlie Miller at the Black Hat 2009 conference in Las Vegas.

iPhone owners can download and install the 3.0.1 update using iTunes immediately. Left unpatched, the problem makes it possible for iPhones to receive malicious binary programs through SMS messages without the user's knowledge.


Subscribe to RSS - Security