There has been talk in the tech news about an iPhone worm that has made its way onto a number of jailbroken iPhones in Australia. A hacker named “Iketx” has released a worm that will “Rick Roll” your iPhone by changing your wallpaper to a picture of Rick Astley. To me, this is hilarious, but it is quite a serious issue. If someone can get into your iPhone to change your wallpaper, they can pretty much do anything in there.

So, where is the vulnerability? This worm can only affect jailbroken iPhones with OpenSSH installed. OpenSSH is used by the user to wirelessly gain access to the root folders, to change or install files. The default password is widely known to be “alpine”, and if you don’t change it, you leave your iPhone vulnerable to anyone who knows how to gain access.

I will say that there has to be a certain set of circumstances in place for this to happen. You would have to be on the same WiFi network as the perpetrator, and you would have to have your iPhone “in use”. By that, I mean: lock screen not locked and WiFi active. The hacker could then easily scan for devices connected to that network, and infect any or all of them.

How do you protect yourself? The simplest, easiest thing you can do is: don’t jailbreak your iPhone. Since that is not an option for most of you reading this, the second easiest thing you can do is install SBSettings (available in Cydia, for free) and toggle off SSH. Then you can toggle it on only when you need access to your root folders.


The other thing you can do is change your SSH password from the default one. You will need to change the mobile password, as well as the root password. Here’s what you gotta do:

– Install “Mobile Terminal” from Cydia (it’s free). Once that is installed, open it up.

– Type “passwd”. You’ll be prompted to type in your current password, which is “alpine”. Hit enter. (Don’t worry if you don’t see any characters as you type your password; you’re not supposed to.)

– You will then be prompted to type your new password. Make sure it is something simple you can remember. Hit enter, and you’ll be asked to re-type the same password. Hit enter. Your mobile password is changed.

– Now type in “su root”. Hit enter, and type your current password (alpine), hit enter.

– Type “passwd”, then type in the new password, twice.

Now, your mobile and root passwords are changed.
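To confirm that both accounts really were changed (it is easy to change mobile and forget root), here is an added example that is not part of the original post. It compares a copy of the password file saved before the steps above with the current one. It assumes the hashes live in a colon-separated file such as /etc/master.passwd, readable as root; the function names and the sample data are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which of the two
# accounts the post names still has the password hash it had BEFORE
# you ran passwd. Assumes colon-separated lines: user:hash:uid:...

# hash_of FILE USER -> prints USER's password hash (field 2)
hash_of() {
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        if [ "$user" = "$2" ]; then
            printf '%s\n' "$hash"
            return 0
        fi
    done < "$1"
    return 1
}

# unchanged_accounts BEFORE AFTER -> prints accounts whose hash is the same
unchanged_accounts() {
    for acct in root mobile; do
        old=$(hash_of "$1" "$acct") || continue
        new=$(hash_of "$2" "$acct") || continue
        [ "$old" = "$new" ] && printf '%s\n' "$acct"
    done
    return 0
}

# demo: constructed sample where only mobile was changed; prints "root"
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/before" <<'EOF'
root:PLACEHOLDER_OLD:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:PLACEHOLDER_OLD:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
    cat > "$d/after" <<'EOF'
root:PLACEHOLDER_OLD:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:PLACEHOLDER_NEW:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
    unchanged_accounts "$d/before" "$d/after"
    rm -rf "$d"
}

# Real use: pass the saved copy and the live file as two arguments.
if [ "$#" -eq 2 ]; then unchanged_accounts "$1" "$2"; fi
```

No output means both hashes changed. Delete the saved copy afterwards, since it still contains password hashes.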


There you go. You’re now protected from “prying eyes”. Once again, I’ll say, the odds you’ll get a virus or worm on your iPhone are pretty slim, but better to be safe than sorry. Now that this simple and harmless worm has been publicized, we may see more of them popping up around the world, and they may become more dangerous.
