The lure of downloading just about any application you want on your iPhone is just damn hard to resist. Thus, many iPhone users are jailbreaking their device to enjoy the benefits. But F-Secure, one of the leading players in digital security, is warning jailbroken iPhone users about a new breed of iPhone worm running amok. And this time, the worm is doing more than just “rickrolling” your iPhone’s background.

The vulnerability is open to all jailbroken iPhone users with SSH installed. (If you have not jailbroken your iPhone or installed SSH, then you should be safe.) The worm’s mode of entry is through exploiting the default root password of jailbroken iPhones, which most jailbroken iPhone users have not changed from “alpine” to their own nominated password.

The early breed of this worm does no more than slapping Rick Astley’s face on your iPhone’s background. If you’re a fan, which there’s not much left in the world, then the worm should not be that much of a threat to you. But F-Secure is warning people about the new breed of worm that does real harm to iPhone users.

This new worm acts like a botnet. It’s able to execute commands from its makers stealing bank details of people living in Netherlands, or those conducting banking transactions with Dutch online bank ING through their iPhone. ING warn its customers of lookalike log-in page designed to steal their identity. The worm exploits the same vulnerability through an unchanged root password of jailbroken iPhones with SSH. Although the victims are isolated in the Netherlands, the worm is capable of spreading. It can jump from one vulnerable unit to another through a network like Wi-Fi hotspots.

To plug the vulnerability, jailbroken iPhone users with SSH installed are advised to change their root password immediately. In case you do not know how, here’s a step-by-step process to do so. (You must have Mobile Terminal from Cydia installed on your unit to execute the process.)

1. Open Mobile Terminal application

2. Type “su root” and tap return. When it prompts for a password, type “alpine” and tap return

3. Type “passwd” and tap return. Now type your nominated password and tap return. Retype your password to confirm and tap return to end the process.

This should change the root password of your SSH and plug the vulnerability of your unit.

Although Apple has been very clear on their negative position about jailbreaking their iPhones, the act still remains relatively safe for the security conscious. Change your SSH root password right after jailbreaking your unit; do it before you even think about connecting to a network.

*Images courtesy of http://www.cultofmac.com/how-to-change-your-iphones-default-ssh-password/20871

Popularity: 1%

No related posts.