Apple’s On iPhone Worm: Don’t Jailbreak

| News

Following reports of a new worm that could impact some jailbroken iPhones, Apple offered up a response: hacking your iPhone is a bad idea.

Jailbreaking is a process where users apply software hacks to their iPhone or iPod touch to allow the installation of applications that aren't available through Apple's iTunes-based App Store.

The most recent threat works only on iPhones that have been hacked to support unauthorized third-party applications, have SSH installed, and are still using the default root password. The worm spreads between iPhones that are on the same Wi-Fi network, and targets ING Bank Web site users in the Netherlands.

"As we've said before, the vast majority of customers do not jailbreak their iPhones, and for good reason," Apple spokesperson Natalie Harrison told The Loop. "These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably."

Apple may not have come right out and said hacking an iPhone to run software that isn't available through its App Store is a bad idea, other security companies have.

"We would like to stress that users who jailbreak their iPhones are exposing themselves to known vulnerabilities that are being exploited by code that is circulating in the wild," Intego said after an attack that could let a hacker download iPhone user data surfaced. "While the number of iPhones attacked may be minimal, the amount of personal data that can be compromised strongly suggests that iPhone users should stick with their stock configuration and not jailbreak their devices."

Apple didn't say whether or not it is working on ways to improve security for jailbroken iPhones, but since the company considers the hacks unauthorized, it's likely those users could find themselves on their own.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

4 Comments

Jeff Gamet

I don’t expect Apple to put much energy into improving security for hacked iPhones, but I do hope the company has people studying these threats. Hopefully the jailbreak community will ultimately help improve the iPhone’s security through the surprises the hacks uncover.

jbruni

I dunno, Jeff. The worm attack did not exploit any vulnerability in the iPhone OS, but rather the laziness of the owners who enabled a network-based service with a well-known, default root password.

Just compounding stupid with stupid.

Steve Feinstein

It always bothered me that SSH installs with a default password.  Is it impossible to prompt for a password during install?  Seems like that would make this problem go away.

dave

Yeah you could do as apple say but thats no fun. Just use terminal to change the password and voila no longer vulnerable to rick astleys stupid face. smile

Log-in to comment