The Thailand expat forum for Travel, Lifestyle and Fun.

Gipsy · 10-11-2009, 10:00 AM

From BBC News,
Monday, 9 November 2009

Worm attack bites at Apple iPhone

The worm changes the wallpaper of the phone

The first worm to infect the Apple iPhone has been discovered spreading "in the wild" in Australia.
The self-propagating program changes the phone's wallpaper to a picture of 80s singer Rick Astley with the message "ikee is never going to give you up".
The worm, known as ikee, only affects "jail-broken" phones, where a user has removed Apple's protection mechanisms to allow the phone to run any software.
Experts say the worm is not harmful but more malicious variants could follow.
"The creator of the worm has released full source code of the four existing variants of this worm," wrote Mikko Hypponen of security firm F-secure.
"This means that there will quickly be more variants, and they might have nastier payload than just changing your wallpaper."
The picture of Rick Astley is believed to be a nod to the internet phenomenon known as Rickrolling, where web users are tricked into clicking on what they believe is a relevant link, only to find that it actually takes the user to a video of the pop star's song "Never gonna give you up".
'Stupid people'
The worm has so far only been found circulating in Australia, where the hacker - Ashley Towns - who wrote the program lives.
The 21-year-old told Australia's ABC News Online that he created the virus to raise the issue of security.
It only exploits jail-broken phones that have SSH installed, a program that enables other devices to connect to the phone and modify the system and files.

My prediction is that we may see more attacks like this in the future

Graham Cluley

The worm is able to infect phones if their owners have not changed the default password after installing SSH.
"What's clear is that if you have jail-broken your iPhone or iPod Touch, and installed SSH, then you must always change your root user password to something different than the default, 'alpine'," wrote Graham Cluley of security firm Sophos.
"In fact, it would be a good idea if you didn't use a dictionary word at all."
After a phone becomes infected it disables the SSH service, preventing reinfection.
The code contains numerous comments from Mr Towns about his motivation.

Jail breaking allows a user to run non-Apple approved software

One comment reads: "People are stupid and this is to prove it."
"It's not that hard guys. But hey who cares its only your bank details at stake."
The worm can be removed by changing the phone's password and deleting some files.
A spokesperson for Apple warned against jail-breaking handsets.
"These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably," the spokesperson said.
Some estimates suggest that up to 10% of all iPhones and iPod Touch are jail-broken.
The practice allows a phone user to install software and applications that have not been approved by Apple.
"Phone users may rush into jail-breaking their iPhones in order to add functionality that Apple may have denied to them, but if they do so carelessly they may also risk their iPhone becoming the target of a hacker," said Mr Cluley.
"My prediction is that we may see more attacks like this in the future."

DaffyDuck · 13-11-2009, 01:30 PM

...only if you're dumb enough to jailbreak *and* deliberately install SSH *and* leave the default root passwords unchanged.

By default, a jailbreak installation does not include SSH... in other words, you need to work really hard at being stupid.

Gipsy · 24-11-2009, 10:08 AM

From BBC News,
Monday, 23 November 2009

New iPhone worm can act like botnet say experts

Jail-breaking an iPhone handset invalidates the warranty says Apple.

A second worm to hit the iPhone has been unearthed by security company F-Secure.
It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING.
It redirects the bank's customers to a lookalike site with a log-in screen.

The worm attacks "jail-broken" phones - a modification which enables the user to run non-Apple approved software on their handset.
The handsets at risk also have SSH (secure shell) installed.

Many people use SSH so other programs can remotely connect to an iPhone and, among other things, transfer files. It comes with a default password, "alpine" which should be changed.
Only users who have installed SSH and not changed the password are at risk.
The new worm is more serious than the first because it can behave like a botnet, warns F-Secure.
This enables the phone to be accessed or controlled remotely without the permission of its owner.

'Clearly malicious'
"It's the second iPhone worm ever and the first that's clearly malicious - there's a clear financial motive behind it," F-Secure research director Mikko Hypponen told the BBC.

"It's fairly isolated and specific to Netherlands but it is capable of spreading."
He added although the number of infected phones was thought to be in the hundreds rather than thousands, the worm could jump from phone to phone among owners using the same wi-fi hotspot.
A spokesperson for ING Bank said that a warning was going to be put on the bank's official website.

"We are also briefing call centre personnel," she added. "It's important to remember that the worm only affects jail-broken phones and it is only aimed at customers in the Netherlands."
The first iPhone worm, called ikee, was harmless. Users with infected phones found their wallpaper replaced with a picture of 1980s popstar Rick Astley.
It also targeted jail-broken phones which were SSH enabled.
Its creator Ashley Towns said he wrote the ikee program in order to raise the issue of iPhone security.

DaffyDuck · 24-11-2009, 10:41 AM

...and again, to reiterate -- the only people at risk are incredibly dumb jailbreakers. Regular, non hacked or jailbroken iPhones are **NOT** affected by this 'alert'.

Gipsy · 24-11-2009, 11:21 AM

DD, no intention to scare off people into buying a iPhone, just pass 'the can of worms'.... You're right; it's only for the nitwits that have their toy hacked/jailbroken. When they're stupid enough to jailbreak, and remove the protection, they should be 'smart' enough to change the default password when they install SSH, or get infected.

Update: Additional information from Intego reveals that the worm also steals personal data as well as opens the iPhone up to further access/control. When active on an iPhone, the iBotnet worm changes the root password for the device, in order to prevent users from later changing that password themselves. It then connects to a server in Lithuania, from which it downloads new files and data, and to which it sends data recovered from the infected iPhone. The worm sends both network information about the iPhone and SMSs to the remote server. It is capable of downloading data, including executables that it uses to run and carry out its actions, as well as new files, providing botnet capabilities to infected devices

Update 2: The Loop reports that Apple has issued a brief statement regarding the latest threat:"The worm affects only a very specific set of iPhone users who have jail broken their iPhones and hacked it with unauthorized software," Apple spokesperson, Natalie Harrison, told The Loop. "As we've said before, the vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably."

StrontiumDog · 24-11-2009, 11:28 AM

Only in the Netherlands too...

10-11-2009, 10:00 AM	#1 (permalink)
Gipsy Pong Nam Ron Last Online: Yesterday 08:33 PM Join Date: Sep 2009 Location: NE of Chiang Mai Posts: 282	First worm wiggles in iPhone From BBC News, Monday, 9 November 2009 Worm attack bites at Apple iPhone The worm changes the wallpaper of the phone The first worm to infect the Apple iPhone has been discovered spreading "in the wild" in Australia. The self-propagating program changes the phone's wallpaper to a picture of 80s singer Rick Astley with the message "ikee is never going to give you up". The worm, known as ikee, only affects "jail-broken" phones, where a user has removed Apple's protection mechanisms to allow the phone to run any software. Experts say the worm is not harmful but more malicious variants could follow. "The creator of the worm has released full source code of the four existing variants of this worm," wrote Mikko Hypponen of security firm F-secure. "This means that there will quickly be more variants, and they might have nastier payload than just changing your wallpaper." The picture of Rick Astley is believed to be a nod to the internet phenomenon known as Rickrolling, where web users are tricked into clicking on what they believe is a relevant link, only to find that it actually takes the user to a video of the pop star's song "Never gonna give you up". 'Stupid people' The worm has so far only been found circulating in Australia, where the hacker - Ashley Towns - who wrote the program lives. The 21-year-old told Australia's ABC News Online that he created the virus to raise the issue of security. It only exploits jail-broken phones that have SSH installed, a program that enables other devices to connect to the phone and modify the system and files. My prediction is that we may see more attacks like this in the future Graham Cluley The worm is able to infect phones if their owners have not changed the default password after installing SSH. "What's clear is that if you have jail-broken your iPhone or iPod Touch, and installed SSH, then you must always change your root user password to something different than the default, 'alpine'," wrote Graham Cluley of security firm Sophos. "In fact, it would be a good idea if you didn't use a dictionary word at all." After a phone becomes infected it disables the SSH service, preventing reinfection. The code contains numerous comments from Mr Towns about his motivation. Jail breaking allows a user to run non-Apple approved software One comment reads: "People are stupid and this is to prove it." "It's not that hard guys. But hey who cares its only your bank details at stake." The worm can be removed by changing the phone's password and deleting some files. A spokesperson for Apple warned against jail-breaking handsets. "These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably," the spokesperson said. Some estimates suggest that up to 10% of all iPhones and iPod Touch are jail-broken. The practice allows a phone user to install software and applications that have not been approved by Apple. "Phone users may rush into jail-breaking their iPhones in order to add functionality that Apple may have denied to them, but if they do so carelessly they may also risk their iPhone becoming the target of a hacker," said Mr Cluley. "My prediction is that we may see more attacks like this in the future."

24-11-2009, 10:08 AM	#3 (permalink)
Gipsy Pong Nam Ron Last Online: Yesterday 08:33 PM Join Date: Sep 2009 Location: NE of Chiang Mai Posts: 282	Another one... From BBC News, Monday, 23 November 2009 New iPhone worm can act like botnet say experts Jail-breaking an iPhone handset invalidates the warranty says Apple. A second worm to hit the iPhone has been unearthed by security company F-Secure. It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING. It redirects the bank's customers to a lookalike site with a log-in screen. The worm attacks "jail-broken" phones - a modification which enables the user to run non-Apple approved software on their handset. The handsets at risk also have SSH (secure shell) installed. Many people use SSH so other programs can remotely connect to an iPhone and, among other things, transfer files. It comes with a default password, "alpine" which should be changed. Only users who have installed SSH and not changed the password are at risk. The new worm is more serious than the first because it can behave like a botnet, warns F-Secure. This enables the phone to be accessed or controlled remotely without the permission of its owner. 'Clearly malicious' "It's the second iPhone worm ever and the first that's clearly malicious - there's a clear financial motive behind it," F-Secure research director Mikko Hypponen told the BBC. "It's fairly isolated and specific to Netherlands but it is capable of spreading." He added although the number of infected phones was thought to be in the hundreds rather than thousands, the worm could jump from phone to phone among owners using the same wi-fi hotspot. A spokesperson for ING Bank said that a warning was going to be put on the bank's official website. "We are also briefing call centre personnel," she added. "It's important to remember that the worm only affects jail-broken phones and it is only aimed at customers in the Netherlands." The first iPhone worm, called ikee, was harmless. Users with infected phones found their wallpaper replaced with a picture of 1980s popstar Rick Astley. It also targeted jail-broken phones which were SSH enabled. Its creator Ashley Towns said he wrote the ikee program in order to raise the issue of iPhone security.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

13-11-2009, 01:30 PM	#2 (permalink)
DaffyDuck Fluff & Fold Last Online: Yesterday 03:22 PM Join Date: Nov 2007 Posts: 2,923	...only if you're dumb enough to jailbreak and deliberately install SSH and leave the default root passwords unchanged. By default, a jailbreak installation does not include SSH... in other words, you need to work really hard at being stupid.

24-11-2009, 10:41 AM	#4 (permalink)
DaffyDuck Fluff & Fold Last Online: Yesterday 03:22 PM Join Date: Nov 2007 Posts: 2,923	...and again, to reiterate -- the only people at risk are incredibly dumb jailbreakers. Regular, non hacked or jailbroken iPhones are NOT affected by this 'alert'.

24-11-2009, 11:21 AM	#5 (permalink)
Gipsy Pong Nam Ron Last Online: Yesterday 08:33 PM Join Date: Sep 2009 Location: NE of Chiang Mai Posts: 282	DD, no intention to scare off people into buying a iPhone, just pass 'the can of worms'.... You're right; it's only for the nitwits that have their toy hacked/jailbroken. When they're stupid enough to jailbreak, and remove the protection, they should be 'smart' enough to change the default password when they install SSH, or get infected. Update: Additional information from Intego reveals that the worm also steals personal data as well as opens the iPhone up to further access/control. When active on an iPhone, the iBotnet worm changes the root password for the device, in order to prevent users from later changing that password themselves. It then connects to a server in Lithuania, from which it downloads new files and data, and to which it sends data recovered from the infected iPhone. The worm sends both network information about the iPhone and SMSs to the remote server. It is capable of downloading data, including executables that it uses to run and carry out its actions, as well as new files, providing botnet capabilities to infected devices Update 2: The Loop reports that Apple has issued a brief statement regarding the latest threat:"The worm affects only a very specific set of iPhone users who have jail broken their iPhones and hacked it with unauthorized software," Apple spokesperson, Natalie Harrison, told The Loop. "As we've said before, the vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably."

24-11-2009, 11:28 AM	#6 (permalink)
StrontiumDog Thailand Forum Join Date: Jul 2009 Posts: 4,139	Only in the Netherlands too...

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)