Apple’s On iPhone Worm: Don’t Jailbreak
November 23rd, 2009 at 7:58 PM - News by Jeff Gamet
Following reports of a new worm that could impact some jailbroken iPhones, Apple offered up a response: hacking your iPhone is a bad idea.
Jailbreaking is a process where users apply software hacks to their iPhone or iPod touch to allow the installation of applications that aren't available through Apple's iTunes-based App Store.
The most recent threat works only on iPhones that have been hacked to support unauthorized third-party applications, have SSH installed, and are still using the default root password. The worm spreads between iPhones that are on the same Wi-Fi network, and targets ING Bank Web site users in the Netherlands.
"As we've said before, the vast majority of customers do not jailbreak their iPhones, and for good reason," Apple spokesperson Natalie Harrison told The Loop. "These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably."
Apple may not have come right out and said hacking an iPhone to run software that isn't available through its App Store is a bad idea, other security companies have.
"We would like to stress that users who jailbreak their iPhones are exposing themselves to known vulnerabilities that are being exploited by code that is circulating in the wild," Intego said after an attack that could let a hacker download iPhone user data surfaced. "While the number of iPhones attacked may be minimal, the amount of personal data that can be compromised strongly suggests that iPhone users should stick with their stock configuration and not jailbreak their devices."
Apple didn't say whether or not it is working on ways to improve security for jailbroken iPhones, but since the company considers the hacks unauthorized, it's likely those users could find themselves on their own.
4 Observer Comments
I dunno, Jeff. The worm attack did not exploit any vulnerability in the iPhone OS, but rather the laziness of the owners who enabled a network-based service with a well-known, default root password.
Just compounding stupid with stupid.
It always bothered me that SSH installs with a default password. Is it impossible to prompt for a password during install? Seems like that would make this problem go away.
Yeah you could do as apple say but thats no fun. Just use terminal to change the password and voila no longer vulnerable to rick astleys stupid face. 
Recent Headlines - Updated September 9th
- Wed, 4:51 PM
- Product News - Apple Releases iPhone Configuration Utility 3.1
- 3:55 PM
- Tips - iOS 4.1: Digging Past The Release Notes
- 3:44 PM
- Product News - iMovie 1.1 Adds 4th Gen iPod touch Support
- 3:07 PM
- How-To - Up and Running with Game Center
- 1:01 PM
- Product News - Apple Releases iOS 4.1
- 11:32 AM
- News - Oracle Calls HP Lawsuit “Vindictive”
- 10:56 AM
- News - iFixit Guts 4th Gen iPod shuffle
- 10:37 AM
- TMO Appearances - Ted Landau Discusses iPods, Apple TV, Ping on MacNotables
- 10:05 AM
- Hot Forum Topic - Forum Poll: When Will You Install iOS 4.1?
- 9:38 AM
- Apple Stock Watch - Analyst: iPad Sales Could Top 28M in 2011
- 9:02 AM
- Product News - MobileMe iDisk Update Improves Keynote Support
- 8:47 AM
- Product News - Find My iPhone Adds New iPod touch Support
The Mac Observer Reader Specials
- TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
Mac Memory and Hard Drives: MacBook Pro Memory 8GB kits $275.99! iMac Memory 4GB Kits for $109.99! Mac Pro Memory 8GB Kits for $289.99, 64GB for $2,839.99! Mac Hard Drives 2TB Seagate SATA II for $149.99! Click Here!
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!
I don’t expect Apple to put much energy into improving security for hacked iPhones, but I do hope the company has people studying these threats. Hopefully the jailbreak community will ultimately help improve the iPhone’s security through the surprises the hacks uncover.