Here’s further proof that you should understand what it is you’re doing when you go to hack your handheld. Jailbreaking an iPhone has been made quite easy to the point that a lot of folks do it without reading any of the accompanying documentation. Those who didn’t heed the warning to change the default SSH password on a Jailbroken phone might get a bit of a surprise. A worm has been unleashed that finds Jailbroken iPhones and changes the background image to a picture of [Rick Astley]. That’s right, they’ve been Rickrolled.
It’s a clever little devil that propagates by grabbing the IP address of the iPhone it is currently on, then testing all of the IP address in that family to find other devices using the default password. Luckily this worm’s activities are not what we’d call malicious. It doesn’t format the root or create a cell based bot-net (that we know of). This would be akin to the antics of searching Google for unprotected installations of MythWeb and setting some poor schmuck’s MythTV to record every infomercial ever. The point is, this could have been a lot worse, but the attack is predicated on stupidity. In our digital age, why are people leaving default passwords in place?
It is mostly young people jail breaking their iPhones so I do not find it surprising that this worm is spreading. What is the difference between the default SSH password and not to a high schooler?
I kinda wonder if Apple made this worm themselves, so they could make a nice excuse for themselves to crack down on jailbreaking…
Hey, if people can believe we didn’t land on the moon, I’d be surprised if someone didn’t wonder about this…
@chiefcrash
I don’t see Apple using this as an excuse to “crack down” because it’s in no way malicious (unless you count a picture Rick Astley as malicious). They’re already cracking down with every new iPhone OS release (or at least they’re trying).
watch, midnight every jailbroken iphone with brick. lol
This is:
1. Old news
2. NOT a damn hack
3. Not even a virus (or malicious)
HackADay should be changed to RubbishADay
I’ve still got the default SSH password but SSH is turned off unless I need it using an SBSettings switch. I don’t think the break I used even came with SSH and I had to grab OpenSSH from Cydia before I could use it anyway. The number of jailbroken phones this likely affects is very small.
@mars:
I find it interesting actually. If you don’t like the article, you do not have to read it you know. There are many more sites to go troll after all.
Great anger I sense in @mars, he is too old to complete his training.
Did this originate from Thailand? Just asking because the characters on the right image are Thai and amusingly enough Kee is a Thai word http://bit.ly/2dfD3R
@JackVandaL from what I read last night, this is from Australia
I would consider this a white hat hack for the fact that it reveals a security flaw in a non-destructive manor.
Sure, the users are responsible for changing their own phones – but this is all too common a method of penetration. Personally, I think software designers and manufacturers should stray away from the use of default passwords. If it’s too hard for somebody to change the password, then they probably don’t need access to the rest of the stuff…
You shouldn’t modify your iPhone anyways. You were not granted the right to do so. You do not own the software, it was licensed to it. Once you make a derivative work (jailbreak it) you have violated this license and are no longer able to use the software. All you are left with is the hardware. If you install a new OS on an iPhone, good for you that’s all you can actually do legally anyways.
Hacks are neat until you violate the IP of others . Hack free software instead, you hack the right!
@Stupid Teen Punks Have No Clue
Oh hai, Steve.
@Stupid Teen Punks Have No Clue
That sounds more like not owning something if you need the permission of someone else to modify it.
I can see why Apple wouldn’t want people to jailbreak the iPhone – software shouldn’t be free, it should cost money, and apple should be able to get it’s hand in the pot!
Well this is spread to force people to change their passwords. This is a serious vulnerability, and if properly exploited by the evil, the results would be bad for jailbreak community, and apple would try to take more and more aggressive protection schemes.
So I’m happy that such a worm exists so people will try to learn how to change their passwords.
http://www.hulu.com/watch/88782/rip-a-remix-manifesto
the devs @ apple are smart enough to have realized by now that jailbraeking is a good thing for them.. that is why 3.x distributions for the iphone line have been the easiest for the dev team to crack… with jailbreaking comes unlocking- this allows users to switch off of at&t- what this means is that by proxy, apple gets more iphone purchases (because service is extended to 2 service providers in the u.s.)
and yet apple can retain it’s monopoly of at&t raking in the cash.. they r playing at&t for piles and piles of cash.. it’s the best of both worlds for apple
Classic.
@Stupid Teen Punks Have No Clue
apparently you are the one without a clue. That little EULA is not a legal binding contract. This has been proven through numerous cases, and has distinctive precedence of the lack of legitimacy of the EULA agreement.
@xrazorwirex: Thanks for the video, very interesting watch.
David, tell that to Microsoft. I expect they and their lawyers would not agree with you. I think EULA’s are B.S but some goof lawyer will… well do his job. Why EULA’s are meaningless is the logistics of enforcing it. Pointless unless some one modifies your software and profits from it enough to be exposed. You simply can not act legally against millions of people for individual violations of a contract. That’s retarded and expensive. It’s not legally binding because that would cost too much money and ,therefore, it is never pursued.
@brett apple would use this as an excuse to crack down for the mere fact that if the worm can change the desktop picture who knows what else it can do it is possible that it could turn the iphone into a spam bot.
so if you are going to be too lazy to change the password i think the jail breaker should be force changing the password or at least ask you to assign a new password.
22 comments, and no post to the interview with the author? :D
http://blog.jeltel.com.au/2009/11/interview-with-ikee-iphone-virus.html
(Found via a comment on the Slashdot article, http://apple.slashdot.org/story/09/11/08/1411259/First-iPhone-Worm-Discovered-Rickrolls-Jailbroken-Phones .)
Changing a background seems trivial. Can anything useful be done?
People are just lazy or just careless almost ever wireless router i have seen has a default pass. Same goes with any electronic device peoople seem to love default passes.
I’ll say what others where hinting at: Most people who follow the jailbreak development are morons. One need not go any further than twitter or myspace to observe this.
I’ve seen some of them comment here. They attempt to enlighten us on the technical aspects of something they obviously have no clue about. Kind of like the myspace/phone-losers demographic.
This attack could be escalated easily if the attackers had more skill. I’m surprised it wasn’t kiddy porn as this looks *chan’ish.
@moo
That’s because the default passwords are listed in the manual / documentation, people don’t want to learn ANOTHER password.
haha Rickrolled! This is a very funny idea.
@Stupid Teen Punks Have No Clue
you troll much too hard
be gentle in your trolling
mild approach, success
@mic
“tell that to Microsoft. I expect they and their lawyers would not agree with you. I think EULA’s are B.S but some goof lawyer will… well do his job.”
Why people refer always to Microsoft ? it Apple now ! they become a bad guys long ago, far worse than MS