Unlock iPhone, Jailbreak iPhone and iPhone Unlocking

Malicious iPhone virus puts jailbroken iPhones in the dock

11/26/2009 06:46:00 PM - 1 comments
The jailbroken iPhone community may never have felt as vulnerable as it does today, when reports of virus attacks on jailbroken iPhones greet you almost every other day. It all started at the beginning of November, when it was reported that a Dutch hacker was holding users of jailbroken iPhones to ransom and threatening to abuse them unless they paid €5.

Thereafter followed the ‘ikee’ and ‘iPhone/Privacy’ viruses, reported by the Mac security software development company Intego. However, experts rated all of those exploits as ‘not so dangerous’, as they were more inclined to warn iPhone users of possible threats from unchanged root passwords on jailbroken iPhones. The virus detected lately is considered more malicious than the preceding ones, because it sets out to take advantage of the vulnerability in jailbroken iPhones.

Features that make your jailbroken iPhone more vulnerable to this virus

Viruses are meant to be malicious; however, the extent of the damage these exploits can bring is variable. Reports have indicated that this virus attacks only jailbroken iPhone and iPod Touch devices.

- This virus uses command-and-control like a conventional PC botnet, configuring two startup scripts. One executes the virus on boot-up; the other creates a connection to a Lithuanian server (over HTTP) to upload stolen data and cede control to the bot master.

- The virus also alters the root password from the default of "alpine" that Apple set in the original firmware, making it even more complicated for users to secure their devices.

- Moreover, this virus attacks IP ranges from a wider range of ISPs, including UPC (Netherlands), Optus (Australia), and T-Mobile (Many).

- Whenever you hook up an infected device to a WiFi connection, the virus can spread more quickly to more IP addresses than on a typical 3G connection.

- Each infected device is assigned a unique ID number, which allows the attackers to further explore a phone with interesting content. This could lead to significant data theft if a sensitive phone has been jailbroken.

- One symptom that has been recorded is very short battery life when the device is connected to WiFi, because the virus generates so much network activity.

How to secure your iPhone against the malware

Apart from getting rid of the malicious worm, changing the root password is essential on any jailbroken device. iPhone users can install the MobileTerminal app from the Cydia package manager and change the password there. Here are the steps:

- Open Cydia > download the MobileTerminal app > once done, run the app.
- Type the command su root and hit enter (Return key).
- When prompted for password type ‘alpine’ and hit enter (Return key).
- Then type passwd and hit enter (Return key).

When prompted, type your new password twice. This secures your device from future SSH-based attacks.

Important Updates and prevention

- There are reports that the IP address the virus uses for C&C is 92.61.38.16. This is useful information for a mobile operator: if you are a mobile operator, it is suggested that you monitor or block any activity that tries to communicate with this IP address.

- It has been discovered that the new root password set by this virus is "ohshit".

There is very little way to know whether iPhones are vulnerable to attack without scanning them for SSH and trying the default password. Although it is speculated that corporate iPhones are not likely to be jailbroken, some caution is still called for. For example, when an employee's iPhone is added to your network, you will not be able to tell whether that phone is jailbroken without checking the device directly.
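
For operators who want to act on the C&C address and the SSH-based spreading described above, here is a small triage script. It is an added example, not part of the original post: the log layout, the 10.20.0.x subscriber addresses, the 198.51.100.x targets and the threshold of 20 are all assumptions made up for illustration.

```python
from collections import defaultdict

C2_IP = "92.61.38.16"   # C&C address reported in the article above
SSH_PORT = 22           # the worm spreads over SSH
SCAN_THRESHOLD = 20     # assumption: distinct SSH targets before a source is flagged


def triage(flow_lines, scan_threshold=SCAN_THRESHOLD):
    """Return source addresses that contact the C&C server or fan out over SSH.

    Each record is 'timestamp src_ip dst_ip dst_port' (a made-up log layout).
    """
    c2_clients = set()
    ssh_targets = defaultdict(set)
    for line in flow_lines:
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip blank or malformed records
        _, src, dst, dport = fields
        if dst == C2_IP:
            c2_clients.add(src)
        if int(dport) == SSH_PORT:
            ssh_targets[src].add(dst)
    # A single SSH session is normal; many distinct targets looks like spreading.
    scanners = {src for src, dsts in ssh_targets.items()
                if len(dsts) >= scan_threshold}
    return {
        "c2_contact": sorted(c2_clients),
        "ssh_fanout": sorted(scanners),
        "both": sorted(c2_clients & scanners),
    }


# Constructed sample flows (not real traffic): one device that does both,
# one that only contacts the C&C address, one ordinary SSH user, one bad line.
SAMPLE_FLOWS = (
    ["2009-11-26T18:00:00 10.20.0.5 92.61.38.16 80"]
    + [f"2009-11-26T18:00:{i:02d} 10.20.0.5 198.51.100.{i} 22"
       for i in range(1, 26)]
    + ["2009-11-26T18:01:00 10.20.0.7 92.61.38.16 80",
       "2009-11-26T18:02:00 10.20.0.9 198.51.100.200 22",
       "garbage line"]
)

if __name__ == "__main__":
    for label, hosts in triage(SAMPLE_FLOWS).items():
        print(f"{label}: {hosts}")
```

Devices listed under "both" are the ones to quarantine and clean first; a device under "c2_contact" alone still deserves a direct check.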

Posted: Seuli.B


1 Response

If I don't have SSH installed on my jailbroken iPhone, I'm safe... correct?
