bit-tech.net

Botnet worm hits iPhone users


iPhone owners with jailbroken handsets should ensure that the root password is changed and the SSH service disabled.

An upgraded version of the iPhone worm which exploited jailbroken handsets is doing the rounds, but this time it's far more malicious.

You may remember the reports of a Dutch cracker who was holding jailbroken iPhones which still had the default SSH password - 'alpine' - to ransom, demanding payments of €5 to secure the device against illegitimate use. Sadly, someone with a far nastier mind has caught on to the idea - interestingly, with the initial reports coming once again from Dutch users.

As reported by Chester Wisniewski at anti-virus vendor Sophos, Dutch ISPs have seen a suspicious level of traffic coming from iPhone users - in particular scans aimed at port 22, the TCP port used by the Secure Shell (SSH) service, which allows users to log on to a jailbroken iPhone.

Unlike the original attack, this version of the worm is both more sophisticated and more malevolent - joining infected iPhone and iPod Touch handsets to a botnet via a command and control server located in Lithuania and changing the default SSH password to an obscenity to make repairing the damage done that much harder. Before handing control of the iPhone over to the central botnet server, it uploads personal information garnered from the handset - including two-factor authentication SMS mTANs used by online banks - before attempting to scan for other insecure iPhones it can infect. Indeed, the amount of traffic generated is so great that one of the major tell-tales for infection is a drastically reduced battery life when the iPhone is connected to a WiFi network.

So far there appears to be no easy way to remove the worm once infection has taken place, with Wisniewski recommending that users with jailbroken handsets restore the default, locked-down version of the iPhone's operating system via iTunes in order to protect themselves. Tech blog Redmond Pie has alternative advice for those who are not yet infected: simply change the SSH password from the default value, or disable the SSH service altogether once the jailbreak has taken place.
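One way an ISP or network defender might spot the port-22 scanning described above, as an added example that is not from the article or from Sophos: it reads constructed flow-log lines (format and addresses are assumptions) and flags any source that probes many distinct hosts on TCP/22 within a short window, which is the traffic pattern the Dutch ISPs noticed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow-log lines (assumed format): "<timestamp> <src> -> <dst>:<port> <proto>"
# 10.1.0.5 behaves like an infected handset sweeping a subnet for SSH;
# 10.1.0.7 makes two legitimate SSH connections twenty minutes apart.
SAMPLE_LOG = """\
2009-11-22T10:00:01 10.1.0.5 -> 10.1.0.9:22 tcp
2009-11-22T10:00:01 10.1.0.5 -> 10.1.0.10:22 tcp
2009-11-22T10:00:02 10.1.0.5 -> 10.1.0.11:22 tcp
2009-11-22T10:00:02 10.1.0.5 -> 10.1.0.12:22 tcp
2009-11-22T10:00:03 10.1.0.5 -> 10.1.0.13:22 tcp
2009-11-22T10:00:03 10.1.0.5 -> 10.1.0.14:22 tcp
2009-11-22T10:00:05 10.1.0.7 -> 10.1.0.9:22 tcp
2009-11-22T10:05:00 10.1.0.7 -> 10.1.0.10:443 tcp
2009-11-22T10:20:00 10.1.0.7 -> 10.1.0.11:22 tcp
"""


def parse_line(line):
    """Split one flow line into (timestamp, src_ip, dst_ip, dst_port, proto)."""
    ts, src, _, dst, proto = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port), proto


def find_ssh_scanners(log_text, window=timedelta(seconds=60), min_targets=5):
    """Return {src_ip: max_distinct_targets} for sources that contacted at
    least `min_targets` distinct hosts on TCP/22 inside any `window`."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        ts, src, dst_ip, port, proto = parse_line(line)
        if proto == "tcp" and port == 22:
            by_src[src].append((ts, dst_ip))

    scanners = {}
    for src, events in by_src.items():
        events.sort()  # sliding window over time-ordered SSH attempts
        best, start = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            best = max(best, len(targets))
        if best >= min_targets:
            scanners[src] = best
    return scanners


if __name__ == "__main__":
    print(find_ssh_scanners(SAMPLE_LOG))  # {'10.1.0.5': 6}
```

Tune `window` and `min_targets` to the network: a handset legitimately opens only a handful of SSH sessions, so even a low threshold separates sweeps from normal use.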

Are you surprised to see a worm of such sophistication hit the iPhone, or has its popularity combined with always-on Internet connectivity made it an obvious target for ne'er-do-wells? Share your thoughts over in the forums.

crazyceo 24th November 2009, 10:27 Quote
I think this was only a matter of time. If you have a jailbroken iPhone, I suggest you undo it now.
Hugo 24th November 2009, 10:45 Quote
Quote:
Originally Posted by crazyceo
I think this was only a matter of time. If you have a jailbroken iPhone, I suggest you undo it now.
Of course! I would much rather significantly reduce the functionality of my handset than change a password.
crazyceo 24th November 2009, 11:12 Quote
haha good point. I don't have an iPhone so I wouldn't know what other benefits you get rid of by the jailbreak. They're all far too shiny, shiny for me.
Cerberus90 24th November 2009, 11:16 Quote
No surprise really. I mean as soon as a piece of hardware/software/kit gets popular, and can be used for personal information, someone's going to hack it. I mean it's basically a computer, isn't it.
Paradigm Shifter 24th November 2009, 12:02 Quote
Change the password, disable SSH until you next need it... easy enough to do I would imagine if you can jailbreak the phone. Seems like it's a case of those unaware of the dangers getting hit again, which is the way it always is with viruses.
TheUn4seen 24th November 2009, 12:03 Quote
Quote:
... has its popularity combined with always-on Internet connectivity made it an obvious target for ne'er-do-wells?

No, it's user stupidity. If you leave SSH with default password you should get punished by losing all your data and money from your online bank. And Apple users are well known for being not-the-smartest ones, so they're an obvious target.
B3CK 24th November 2009, 14:23 Quote
Are we gonna see a Verizon Droid commercial that states: idont send your bank info to criminals, idont promote infections to others?
tank_rider 24th November 2009, 14:31 Quote
If people even followed the instructions properly they would be covered! I guess it's a case of things that need doing once you have "finished" the jailbreak which people ignore.
ch424 24th November 2009, 14:43 Quote
Quote:
Originally Posted by B3CK
Are we gonna see a Verizon Droid commercial that states: idont send your bank info to criminals, idont promote infections to others?

When you root an android phone (well, maybe not all of them, but it works like this for mine), it sets the SSH password to the phone's IMEI number. Pretty sensible, because it's easy to look up if you own the phone, but harder to guess than 'alpine'!
AshT 24th November 2009, 16:36 Quote
Android is an open OS and the guys on these forums are always going on about how Android will one day rule the world ... but doesn't it mean that they'll end up with lots of diseases ... oh ... sorry, what are they called ... viruses?
ryall 24th November 2009, 17:45 Quote
Quote:
Originally Posted by crazyceo
I think this was only a matter of time. If you have a jailbroken iPhone, I suggest you undo it now.

spoken like a true C.E.O. ;p
Andersen 24th November 2009, 19:39 Quote
I'd say this reaches out and touches in a bad way only those who do NOT change the root password. Aka, the ignorant and newbies.
Quote:
Originally Posted by ryall
Quote:
Originally Posted by crazyceo
I think this was only a matter of time. If you have a jailbroken iPhone, I suggest you undo it now.

spoken like a true C.E.O. ;p

Hehe so true.

[Edit]My iTouch is jailbroken and root pw, well, something else than default.[/Edit]
ConservativeOC 24th November 2009, 23:58 Quote
The title of this article should include the word "JAILBROKEN". I wouldn't have even bothered to click on this story if it was properly titled...but I guess the author realized this as well.
Horizon 25th November 2009, 01:04 Quote
Fine print: Jailbreakers, you just don't get the best of both worlds; also included is the worst of both and all its baggage.
Krayzie_B.o.n.e. 25th November 2009, 05:48 Quote
"Want your Iphone to actually be used while you browse useless apps?"

BOTNET!

"There's an app for that"
culley 25th November 2009, 06:09 Quote
Quote:
Originally Posted by ConservativeOC
The title of this article should include the word "JAILBROKEN". I wouldn't have even bothered to click on this story if it was properly titled...but I guess the author realized this as well.

I haven't seen one heading for this article on the internet that says "jailbroken iPhones" in the headline.

I'd say around 65% of the people with a jailbroken iPhone would know what SSH was, the rest well.

I know a lot of people with jailbroken iPhones and they don't know anything about how it works, they got someone to jailbreak it for them.
null_x86 25th November 2009, 08:33 Quote
Quote:
Originally Posted by HugoB
Of course! I would much rather significantly reduce the functionality of my handset than change a password.

QFT. Is it really hard to change a password? jeeze, people who are like "remove the jailbreak" need a good schooling.
Dreaming 25th November 2009, 10:29 Quote
I have SSH on my fileserver and even though I didn't really know what it was before I set it up following the guide on here, did I make sure to have a secure password? Of course I did.

I guess the difference with the iPhone is that you don't need to explicitly turn SSH on; as soon as it's jailbroken it's there with the default password. I don't know.

It's still pretty dumb not to change from default passwords.
DeathAwaitsU 25th November 2009, 12:02 Quote
Quote:
Originally Posted by HugoB
Quote:
Originally Posted by crazyceo
I think this was only a matter of time. If you have a jailbroken iPhone, I suggest you undo it now.
Of course! I would much rather significantly reduce the functionality of my handset than change a password.

lol
B3CK 26th November 2009, 00:48 Quote
Yes I do hope android will get as popular as apple's toy, and when it does, probably before, it will start to see malicious code as well.