Dangerous Worm Targets Jailbroken iPhones

By Geoff Duncan Updated November 23, 2009

Yet another worm has appeared that targets jailbroken iPhones and iPod touch devices, using the same default password vulnerability in SSH remote login software to crawl its way into the devices. However, unlike the two previous worms exploiting the vulnerability, this worm protets itself by replacing the vulnerable SSH software, has the capability to steal sensitive data, and can update itself via a botnet-like command-and-control architecture to add new malevolent features.

Apple-iphone-sg3

As with previous iPhone/iPod touch worms, the only devices potentially vulnerable are those that have been “jailbroken” to use unapproved applications or to operate on mobile carriers other than Apple’s selected iPhone partners. The worm exploits a vulnerability in the default rool password used for the SSH remote login software; users who have jailbroken their devices can protect themselves by changing their default SSH root passwords. Users who have not jailbroken their devices are not vulnerable.

According to security firm Sophos,the new worm uses an architecture like a typical PC botnet, enabling the worm’s creators to gather data and send updates to infected devices. The worm “configures two startup scripts, one to execute the worm on boot-up, and the other to create a connection to a Lithuanian server (HTTP) to upload stolen data and cede control to the bot master.” The worm assigns each infected device a unique ID number, potentially enabling the worm’s creators to target compromised devices individually.

The worm also changes the default root password on the iPhone or iPod touch, making it impossible for users to retake control of their devices without reinstalling Apple’s default firmware. The worm currently targets IP ranges belonging to Dutch and Australian ISPs, as well as T-Mobile. One impact of the worm is that it seriously depletes battery life in infected devices because the worm produces so much network traffic. The worm may also be related to so-called Banker Trojans: it appears to look for two-factor authentication requests from banking systems that send one-time passwords to mobile users via SMS.

Topics

Former Digital Trends Contributor

Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…

Mobile

This hidden Apple Watch feature is better than I could have imagined

FaceTime call alert.

Apple Watch getting FaceTime caller notification Nadeem Sarwar / Digital Trends

A few days ago, I bravely admitted to my colleagues that I rely on an Android tablet for my daily work. “Nadeem, has anyone told you about PCs,” one of my editors replied. “Good god, man, who hurt you?” remarked another senior editor. They’re not wrong, while I remain as shameless as ever in my experimental preference for work machines.

Mobile

Best Cricket phone deals: Get an iPhone 11 for free and more

cricket switcher credit rsz 1cricket store side view

Cricket Wireless is one of the most affordable wireless service providers, and right now they’ve got some amazing discounts on phones taking place that can easily get you onto the Cricket network. These aren’t just throwaway phones either, as they include the likes of Samsung’s, Motorola’s, and Apple’s phone lineups. Several of them are entirely free and they provide more capability than many of the best cheap phones, so read onward if you’re in the market for a really good phone at almost no cost and are looking to make Cricket your cell phone service provider.
TCL 30 Z — Free, was $90

You’re not going to find a better price than free, and the TCL 30 Z is a phone worth going out of pocket for. You’re getting quite a bit of phone at zero cost with the TCL 30 Z, as it has a 6.1-inch HD+ display that provides enhanced visuals and adaptive eye care modes. The rear camera has an 8-megapixel sensor and a Google Lens, and you can capture amazing selfies with the front-facing 5-megapixel camera. This phone also has a quad-core processor and 32GB of internal storage, making it a great option if you like to interact with media online or create your own.

Mobile

Your next iPhone may have no bezels. Here’s why that could be a problem

iPhone 14 Pro Max laying on top of iPad showing always-on display with wallpaper setting off.

Don’t believe everything you see, but there’s a certain joy in imagining products with a futuristic touch to them. One such fantastical element of the smartphone industry is a truly bezel-free all-screen phone. And as implausible as that sounds, it looks like Apple might be the one to achieve it — and at the biggest scale imaginable.

According to South Korean outlet The Elec, Apple has reportedly asked, “Samsung Display and LG Display to develop an OLED that removes all front bezels from the iPhone.” Apple has been painfully slow at eliminating the bezel on iPhones and continues to sell the iPhone SE (2022), which should ideally exist in an era that is half a decade too persistent.