http://www.macrumors.com/images/macrumorsthreadlogo.gif (http://www.macrumors.com/2009/11/11/new-malware-allows-hackers-to-access-personal-information-on-jailbroken-iphones/)

Security firm Intego reports (http://blog.intego.com/2009/11/11/intego-security-memo-hacker-tool-copies-personal-info-from-iphones/) that it has spotted new malware, termed iPhone/Privacy.A, that is capable of allowing hackers to access personal information stored on certain jailbroken iPhones and iPod touches. Non-jailbroken iPhones are not vulnerable to the malware.

While full details of the tool are not disclosed, it is reported to utilize the same method as the "Rickrolling" worm (http://www.macrumors.com/2009/11/09/first-iphone-worm-affects-jailbroken-iphones-in-australia/) deployed in Australia late last week, suggesting that the new malware would only affect jailbroken iPhones and iPod touches whose users have installed SSH for remote access capabilities and failed to change the default password. It is unclear the extent to which the tool has been seen in the wild, although Intego currently categorizes the risk of the malware as "low".When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app. Unlike the ikee worm, which signals its presence by changing the iPhone's wallpaper, this hacker tool gives no indication that it has invaded an iPhone.Intego notes that the tool works by being installed onto a computer and then scanning the computer's network to find vulnerable iPhones.This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network. Or, a hacker could sit in an Internet café and let his computer scan all iPhones that come within the range of the wifi network in search of data. Hackers could even install this tool on their own iPhones, and use it to scan for jailbroken phones as they go about their daily business.While antivirus software can protect computers from serving as hosts for the malicious software, Intego also notes that because no software is installed on the iPhone or iPod touch during the process, no external protection for users who are vulnerable to the malware can be deployed. Vulnerable users must change their default SSH passwords in order to thwart access attempts.

Article Link: New Malware Allows Hackers to Access Personal Information on Jailbroken iPhones (http://www.macrumors.com/2009/11/11/new-malware-allows-hackers-to-access-personal-information-on-jailbroken-iphones/)

Wow... that's bad.

great, will be bad reputition for apple again, since the yellow press will leave away the piece of information that it only affects jailbroken iphones.

And it's really Apple, trying to get people to not Jailbreak :p.

The same method yet again. *yawn* ;)

Thats some nasty business right there.

If you must jailbreak, change your passwords people.

Install SSHD, don't change your root password, get pwned.

How is this news exactly? This is like complaining that someone stole your car after you left it running in the parking lot with a "FREE CAR" sign on it. Any competent user that uses SSH on a new box knows that the first thing you do is change the default root password. Mildly paranoid users do the smart thing and disallow root login via SSH entirely, relying on sudo -i.

This isn't really a ground breaking thing. Install SSH, leave Default Password, get Pwned. Pretty straight forward to me.

No offense, but why is the "news" here always a day late?

Anyway, this is kind of common sense people. It's like many software installations that provide a default password; when you install a wireless router in your home, do you keep that default admin password? If you do, I feel for you and for the future of your gene recipients.

This is like complaining that someone stole your car after you left it running in the parking lot with a "FREE CAR" sign on it.

In fairness, while I knew about the default "alpine" password many, many moons ago, and I don't have SSH installed on my iPhone anyway, I've not seen too many people with "free car" signs on their cars, and yet these exploits on the iPhone do actually seem to be attracting targets. So you can conclude that many jailbreak users are idiots. Fine. But the fact remains that there are vulnerable people out there....

No offense, but why is the "news" here always a day late?

Anyway, this is kind of common sense people. It's like many software installations that provide a default password; when you install a wireless router in your home, do you keep that default admin password? If you do, I feel for you and for the future of your gene recipients.

This just in all phones with SSH and default password can be hacked by ANYONE in the world who has limited SSH knowledge.

And it's really Apple, trying to get people to not Jailbreak :p.

Caught us! Well if you must, please change root pw. Thank you come again ;)

And how it's malware? It's not malware, it's punisment for idiots.

Just follow this tutorial - http://www.iclarified.com/entry/index.php?enid=5883 and change the password.

I have a jailbroken phone. From what I gather in this article I should be fine. Am I right?

- I've changed my root password using Terminal
- I never use wi-fi on my iPhone

Wi-Fi is apparently the only way they can get into your phone, right?

The fact that it's common sense doesn't mean that most people will do it. It's safe to assume that many iPhone/iPod touch users who jailbreak their devices lack the technical inclination to automatically realize that installing that little thingy that lets them access their files from their computer means they have to also go into a terminal and change a password.

What really needs to be done is for the password change to be made a mandatory part of the jailbreaking process. Prompt the user to "set a password", and simply don't accept "alpine" as the input, then do the password change in the background once everything is up and running on the device's end. (I assume that it can't be done "ahead of time" to the firmware installer itself — or can it?)

I have a jailbroken phone. From what I gather in this article I should be fine. Am I right?

- I've changed my root password using Terminal
- I never use wi-fi on my iPhone

Wi-Fi is apparently the only way they can get into your phone, right?

No. If you are online with 3G, Edge, or Wifi, you are online and open.

But if you changed from "alpine", you are at least safer....

And it's really Apple, trying to get people to not Jailbreak :p.

You think? The thing is when Apple makes a product and signs a contract, it's perfect, so if anybody disagrees then they should go to a dungeon under Steve Jobs' mansion.

Install SSHD, don't change your root password, get pwned.

How is this news exactly? This is like complaining that someone stole your car after you left it running in the parking lot with a "FREE CAR" sign on it. Any competent user that uses SSH on a new box knows that the first thing you do is change the default root password. Mildly paranoid users do the smart thing and disallow root login via SSH entirely, relying on sudo -i.

It's quite obvious how this is news. People who jailbreak can literally hit one button on a GUI and it's done. They never log in to their iPhone and install SSH or anything. It all just happens automatically. There are a ton of novice users who don't even know what SSH means who have jailbroken their phones to steal apps or change their background colors.

What really needs to be done is for the password change to be made a mandatory part of the jailbreaking process. Prompt the user to "set a password", and simply don't accept "alpine" as the input, then do the password change in the background once everything is up and running on the device's end. (I assume that it can't be done "ahead of time" to the firmware installer itself — or can it?)Since ssh is not installed by default when jailbreaking anymore the real onus should be on the ssh package installer instead.

great, yellow press leaves already the fact of jailbreaking away.

That makes no sense.

I don't feel so regretful about not jailbreaking anymore...

No offense, but why is the "news" here always a day late?

Because this is a rumor site, not a news site.

Or at least it used to be

This is not just iPods. You can get into any computer that is running SSH if you know the password. That is the entire purpose of SSH, to allow remove logins.

In other news: Hackers discover they can drive your car if you leave the doors unlocked and the keys in the ignition.

What amazes me is that people who install SSH on any device would not have the common sense to change their passwords. Seriously, if you know enough about SSH to install it in the first place, you should know to never keep the default password.

this 'tool', that 'tool'.... so the name of this 'tool' is...?

....what a joke of an article.

No. If you are online with 3G, Edge, or Wifi, you are online and open.

But if you changed from "alpine", you are at least safer....

How much safer would it be if I completely uninstall SSH and only re-install it when I need to use it (which is rarely)?

Simple solution... don't install SSH... Use PhoneView... much easier than SSH anyway...

Sorry... Mac only though... TouchCopy is for Windows users...

How much safer would it be if I completely uninstall SSH and only re-install it when I need to use it (which is rarely)?

Just disable SSH while you're not using it...you don't need to uninstall it. If the service isn't available to connect to you are fine.

Step 1 is changing your password so that if anyone gets on it while SSH is enabled...they can't login. Not doing this is like leaving your keys in your car with the doors unlocked.

Step 2 is only using SSH when you need it, and disabling it when you don't. Not doing this is like leaving your car doors unlocked but NOT leaving the keys in your car.

How much safer would it be if I completely uninstall SSH and only re-install it when I need to use it (which is rarely)?

If you did that but did not change the password, it all depends on how widely the exploit is circulating / trying to attack phones. It's better to change the password than just uninstall/reinstall SSH because if you do the latter, you remain vulnerable during the time when you've got it installed, but if you do the latter, at least for this type of exploit, with a typical strong root password you are not vulnerable.

Since ssh is not installed by default when jailbreaking anymore the real onus should be on the ssh package installer instead.

True, but it's the jailbreak process that sets the root password to alpine, not the ssh installer. Perhaps the jailbreaking tools should prompt for new password during the ipsw build or when you press the 'make it rain' button, etc.

Install SSHD, don't change your root password, get pwned.

How is this news exactly? This is like complaining that someone stole your car after you left it running in the parking lot with a "FREE CAR" sign on it. Any competent user that uses SSH on a new box knows that the first thing you do is change the default root password. Mildly paranoid users do the smart thing and disallow root login via SSH entirely, relying on sudo -i.

At some point the jailbreak community will own up to the fact that they're pushing techniques that work fine for tech-savvy users, but can be disastrous for landlubbers who get swept up in the 'ooh, having all this freedom from evil Apple is SO great!' meme without having the chops to back it up.
Enjoy your malware folks.

Because this is a rumor site, not a news site.

Or at least it used to be

Right, "used to be," this is neither a rumor nor news, I guess.

At some point the jailbreak community will own up to the fact that they're pushing techniques that work fine for tech-savvy users, but can be disastrous for landlubbers who get swept up in the 'ooh, having all this freedom from evil Apple is SO great!' meme without having the chops to back it up.

I thought that this went without saying. People shouldn't be jailbreaking their phones or iPods without knowing just what the hell they're doing. I have no sympathy for people who don't read up on what they're doing first. Then again, how many regular Joes install SSH in the first place?

If you jailbreak the first thing you do is install SB Settings and disable SSHD. You can enable as needed there.

Problem solved. :)

iPhone/Privacy.A...?

Gimme a frickin' break, Intego. I know you make your money by scaring people into thinking they need to get anti-virus on their mac, but c'mon, I have everything I need to exploit this hack, easily, as part of OS X's default installation.

Go to Network Tools and run a port scan on any network, open terminal and type in the appropriate command to login via ssh to anything showing port 22 open. Heck, any FTP client will likely just let you scan local network for bonjour clients and login with sftp for full access to the UNPROTECTED iPhone.

This isn't just an iPhone vulnerability, it's a vulnerability to any computer that installs an sshd server (or any service opening the device) and leaves it running with some kind of well known default password.

Old news, new sensationalism to feed the jailbreakers-deserve-everything-bad-that-can-possibly-happen-to-them crowd. :eek:

Hacked iPhones are vulnerable.

NO WAY!!!!!

I thought that this went without saying. People shouldn't be jailbreaking their phones or iPods without knowing just what the hell they're doing. I have no sympathy for people who don't read up on what they're doing first. Then again, how many regular Joes install SSH in the first place?

There are apparently enough people who think they know what they're doing (but don't) to produce enough targets to make the exploit worthwhile to develop.
But I agree with you. But what annoys me is that this kind of nonsense will inevitably make its way into MSM as "iPhone vulnerable to attack."
Apple's smart to protect the brand by making jailbreaking as hard as possible.

It's quite obvious how this is news. People who jailbreak can literally hit one button on a GUI and it's done. They never log in to their iPhone and install SSH or anything. It all just happens automatically. There are a ton of novice users who don't even know what SSH means who have jailbroken their phones to steal apps or change their background colors.

As long as they don't install SSHD they won't get pwned. SSH access is disabled by default even on a JB phone.

It's quite obvious how this is news. People who jailbreak can literally hit one button on a GUI and it's done. They never log in to their iPhone and install SSH or anything. It all just happens automatically. There are a ton of novice users who don't even know what SSH means who have jailbroken their phones to steal apps or change their background colors.

In that case SSH won't be installed. No modern jailbreak installs SSH by default.

So your scenario becomes they jailbreak, install SSH, ignore the *frikking huge* warning to change their password. Then get pwned. No sympathy.

True, but it's the jailbreak process that sets the root password to alpine, not the ssh installer. Perhaps the jailbreaking tools should prompt for new password during the ipsw build or when you press the 'make it rain' button, etc.

No, it's apple that set the root password to alpine.

Without ssh (or telnet) there's no way in that isn't already on the iphone.

No. If you are online with 3G, Edge, or Wifi, you are online and open.

But if you changed from "alpine", you are at least safer....

You sure about that?

You can make an incoming ssh connection to your iPhone over edge or 3G? If so, let me know, because I thought that wasn't possible...

None of these articles are pointing out that you MUST change the default password for the 'mobile' account as well as the 'root' account. You can ssh into an iPhone with 'mobile' as the username as well as 'root'. You might not be able to access as much, but most of your private information is in the /private/var/mobile directory tree

True, but it's the jailbreak process that sets the root password to alpine, not the ssh installer. Perhaps the jailbreaking tools should prompt for new password during the ipsw build or when you press the 'make it rain' button, etc.

I think it's Apple that sets the default password, isn't it? The hackers just figure it out. Either way, your suggestion that changing the password as part of the jailbreaking process is an excellent suggestion that hopefully will make it to the Dev-Team's ears.

No. If you are online with 3G, Edge, or Wifi, you are online and open.

I think it depends on the cell provider. My own personal testing shows that AT&T blocks incoming port 22 connections, so on EDGE and 3G, if you're an AT&T customer, you should be safe.

If you're on a private and secure WiFi network that is behind a NAT router, you should also be safe, unless you happen to have the firewall open for port 22 and it points to the internal ip address of your iPhone.

The remaining risk for WiFi would be if you're on some kind of public ip WiFi and someone on the same network is looking for you. Well, you better be protected in that scenario. (Change passwords, use strong ones, don't leave sshd running unless you need it.)

Title of the thread and most other news articles has of course left pertinent information off for the sake of sensationalism. The worm doesn't affect jailbroken phones by default, only ones who have installed SSH, and even then only ones who haven't changed the default password.

When the fanbois hear about it they gloat. If the news is something like exploding iPods they say "But its just a tiny portion of iPods, there isn't really a problem." Their double standards are up there with the best.

You sure about that?

You can make an incoming ssh connection to your iPhone over edge or 3G? If so, let me know, because I don't think that's possible...


See my post above just above this, but yes, you can certainly access ssh via cellular networks with some companies.

The infamous Rickroll worm was specifically written to access iPhones on on the same Australian cellular networks as the infected phones.

I don't believe AT&T users to be vulnerable. At least I have been unable to ssh into my iPhone from either another iPhone or my desktop when I go after the cellular network data ip of the phone.

You sure about that?

You can make an incoming ssh connection to your iPhone over edge or 3G? If so, let me know, because I don't think that's possible...

Yes. Depends on your provider of course.. some of them use RFC1918 addresses (although even then you could theoretically connect from one 3G device to another).

If you have an IP address you're visible in some way. If it's a public IP you're visible to the world. If you're running SSH install sbsettings, switch wifi and ssh off when you're not using them (and 3G too, since it's only a swipe to reenable when you need it) and in addition to more security you get better battery life too.

See my post above just above this, but yes, you can certainly access ssh via cellular networks with some companies.

The infamous Rickroll worm was specifically written to access iPhones on on the same Australian cellular networks as the infected phones.

I don't believe AT&T users to be vulnerable. At least I have been unable to ssh into my iPhone from either another iPhone or my desktop when I go after the cellular network data ip of the phone.

Yeah, same here, thats why i questioned it... I'd actually like to be able to ssh into my phone (or access it via http port 80, etc over 3G :) Wonder if it's that reason or if it's an "apple/at&t no-no" reason that things like Air Sharing only work with wifi.

So now you know why it only spreads in Australia and not worldwide: It requires physical proximity because of WiFi!

Anyway, I don't think this really matters, since users who jailbroke their iPhone modified the software in a way that can produce unexpected results, since it has not been tested by Apple.

Hacking stuff has risks! But I don't think it's a big deal, I don't think people store important information on their iPhone anyway, unless they're dumb enough to put password reminders in Notes, or maybe top secret emails... What could a hacker want with people's iPhone data? Prank call people? Come on!

Granted, this exploit is self-inflicted (jailbreak, install SSH, don't change the default password). However, I know that I use my addressbook.app on my Mac extensively and have a lot of notes attached to each contact -- some with sensitive and personal information on it. My computer is locked down and the home directly encrypted. My iPhone has the passcode lock set for 1 minute, so I'm OK that if someone got my phone, they would most likely just perform a full reset before they would be able to gain access to it.

However, I would not like the possibility of someone stealthily being able to gain access to that data. So yes, people are worried about someone gaining access to their address book data.

Of course, if you jailbreak your phone and feel compelled to install SSH and not change the password, then you probably aren't too worried about what's on your iphone.

:rolleyes:

great, will be bad reputition for apple again, since the yellow press will leave away the piece of information that it only affects jailbroken iphones.
Eh, not really. All you have to say is that people "hacked" the iPhone so they could use it for whatever they wanted, that they disregarded Apple's own security and controls to do so, and thus exposed themselves to risk. People won't have much sympathy, and thus Apple's reputation is perfectly fine.

the tone and content on that article was mildy retarded. Instead of saying. 'Hey idiots ! If you Jailbroke, installed SSH and didn't change your root passwrod you could be vulnerable.' It went straight for the fox news approach. Can't they just release some new mouse or something to get this idiocy off the front page.

Hacked All iPhones are vulnerable.

NO WAY!!!!!

T, FTFY

If iPhones weren't vulnerable, jailbreaking wouldn't be possible in the first place.

Just don't whine to Apple about stopping it, losers.

And how it's malware? It's not malware, it's punisment for idiots.

"it's punisment for idiots" :D haha..I never got why anyone would even want to jailbreak an iPod Touch..i can MAYBE (emphasis on maybe) get why someone would want to jailbreak their iPhone..but still...

I wanna see what would happen if Apple made it impossible to jailbreak. There's gotta be a way to make the iPhone too hard to hack.

So now you know why it only spreads in Australia and not worldwide: It requires physical proximity because of WiFi!

No, that is not correct! Ikee's Rick Rolling worm was SPECIFICALLY written to attack phone's on the same 3G network. Apparently the Australian iPhone service provider leaves port 22 open on the 3G network. Wanna bet they close that real soon, if they haven't already?

Yes. Depends on your provider of course.. some of them use RFC1918 addresses (although even then you could theoretically connect from one 3G device to another).

I have two 3G iPhones, I was unable to connect via ssh over the 3G network (AT&T) from one to the other. The two iPhones are not on the same ip range for the last two octets, though, so my testing may be incomplete.

I'm far from an expert, though. It would be nice if the "official" jailbreak community investigated this further. Perhaps a Wiki on this specific topic.

If you're running SSH install sbsettings, switch wifi and ssh off when you're not using them (and 3G too, since it's only a swipe to reenable when you need it) and in addition to more security you get better battery life too.

Sage advice re SBSettings, but it's a common misconception that running OpenSSH decreases battery life; OpenSSH adds itself to the list of things inetd (which is running whether you have ssh installed or not) listens for. No extra battery drain with that method, or so the jailbreak community insists. Personally, I've noticed no change in iPhone battery life with or without ssh turned on.

when you install a wireless router in your home, do you keep that default admin password?

Not me. I always change the default password to the name of my pet dog, Admin.

Who are these ppl that have not changed their passwords? They deserve to get some malware if they leave their SSH open like that

I was in a library one day, a little one in a country town. It also had computers people could use for internet, they charged something stupid like £5 a hour to use dial-up via Internet Explorer 5 on a computer with Windows 98 installed. So anyways, I look at the screen and it asks for a username and password. The username was already there, something like "libraryadmin1". I was bored so I typed the username into the password box, almost certain that it wouldn't actually work, but it did! It then asked me how many hours to stay on for, so I typed 9 then hit OK, and that too worked! I then did it on the computer next to me, checked Engadget on one, then left.

Now, who's fault was that? Was it me, for doing the first thing anyone with even a IQ of 50 would do to get into a computer, or was it the fault of the idiots running the place who made the username and password the same damn thing?

It's the same situation here. It's the responsibility of the owner of a device to change their passwords and make them secure.

well if you have ssh installed, you need to change the password anyways

Not me. I always change the default password to the name of my dog, Admin.

Hah! :) Me too. Except I don't have a dog. So I leave the password blank..

I have a jailbroken phone. From what I gather in this article I should be fine. Am I right?

- I've changed my root password using Terminal
- I never use wi-fi on my iPhone

Wi-Fi is apparently the only way they can get into your phone, right?

You are safe if you don't have OpenSSH installed. I know you changed your root password, but without SSH you don't even need to do that.

Jailbreaking does not automatically install OpenSSH. You have to download it from Cydia.

Wow... that's bad.

Noobs shooting themselves in the foot is bad? What are you smoking?

It DOES NOT affect iPhones that comes directly from Apple

It requires
1. Jailbreak
2. Install SSH
3. Ignore recommendation to change default password

No. If you are online with 3G, Edge, or Wifi, you are online and open.

But if you changed from "alpine", you are at least safer....
YES. Any person with a jailbroken iPhone who either hasn't installed SSH (most have to transfer files), or who has installed SSH and changed their root password from 'alpine', has immunity from the exploits that have been published thus far.

We have yet to see any sort of more creative exploit in the wild.

Changing the password is the only step necessary to avoid the problems to date.

Reason 1,275 that I don't jailbreak my iPhone.

They really should make the SSH program a real application with a GUI (a simple one albeit) that is terminated when you exit the program, similar to an appstore program. Only advanced users (read: not idiots) should use the background daemon .

It doesn't have to be a complicated app. In fact, all it needs is a message that says SSH on and a set password dialog box.

Reason 1,275 that I don't jailbreak my iPhone.

This has nothing to do with jailbreak, it is about users who install SSH and choose to leave the default password for their own convenience. This announcement is designed to scare people like you into not jailbreaking and getting every app for free which sounds like it has :p.

T, FTFY

jailbreaking wouldn't be possible in the first place.

That's different.

This has nothing to do with jailbreak, it is about users who install SSH and choose to leave the default password for their own convenience. This announcement is designed to scare people like you into not jailbreaking and getting every app for free which sounds like it has :p.

Of all the reasons to jailbreak, piracy of App Store developers' hard work (and, in some cases, mediocre work) is the most shameful and least worthy of being touted. I still pay for my apps — at least the ones that don't come from Cydia — and my iPhone was only non-jailbroken for maybe the first day since I got it.

I wouldn't be surprised if Apple made this to scare people away from jailbreaking, after all they have been as drastic as to try and make jailbreaking illegal, so I wouldn't put it past them.

I just changed the password on my iphone using the tutorial in this thread... When I sign in on my Mac as a localhost it still accepts the old password.?. Anyone?

I wanna see what would happen if Apple made it impossible to jailbreak. There's gotta be a way to make the iPhone too hard to hack.

Is this a real question?

If it was impossible to jailbreak, nobody would jailbreak. Some people would use old phones/versions of the OS. Some people would buy other phones. Some people would complain but still use the iPhone. The number of jailbreak developers would dramatically decrease.

Well, you have to change your Root password!

Is this a real question?

If it was impossible to jailbreak, nobody would jailbreak. Some people would use old phones/versions of the OS. Some people would buy other phones. Some people would complain but still use the iPhone. The number of jailbreak developers would dramatically decrease.

That's what he wants. He doesn't want anybody hacking the iPhone. :rolleyes:

Vulnerable users must change their default SSH passwords in order to thwart access attempts.

In other news, water is wet, the sky is blue...

Well, you have to change your Root password!

I believe I did using the terminal app. I rebooted and typed su to try the password and it worked on the phone but I can still sign in with the default "alpine".

Thanks

I believe I did using the terminal app. I rebooted and typed su to try the password and it worked on the phone but I can still sign in with the default "alpine".

Thanks

Do it via SSH in a terminal window, use passwd to change root's then passwd mobile to change mobile's too. :)

Install SSHD, don't change your root password, get pwned.

How is this news exactly? This is like complaining that someone stole your car after you left it running in the parking lot with a "FREE CAR" sign on it. Any competent user that uses SSH on a new box knows that the first thing you do is change the default root password. Mildly paranoid users do the smart thing and disallow root login via SSH entirely, relying on sudo -i.

Your analogy sucks.

It would be more appropriate to say it's like complaining that someone stole your car after you left it running in the parking lot... and you're someone who has never used a car before nor understands how it works but some car expert down the street assured you it was okay to leave it parked and running, despite what the car manufacturer has said.

This is the downside of jailbreaking. The people advocating jailbreaking are making it easy enough for people without a technical background to do it and therefore things are being left wide open like that. Go ask the average user what SSH even is and you'll get back a blank stare. And you think it's obvious that people should know better than to leave the default root password in place. :rolleyes:

If the jailbreaking community wants to keep their efforts alive and well, they should undertake and effort to educate their group and/or implement the basic safeguards in the process of jailbreaking. It seems irresponsible to do otherwise.

Do it via SSH in a terminal window, use passwd to change root's then passwd mobile to change mobile's too. :)

Thank You!! I was missing the passwd mobile step.

Why are so many debating whether or not this is news? Would you rather people who didn't find out, get their lives hacked? It sounds like news to me and I think it's good to inform people of this type of thing. Some of you have stated, "many people who jailbroke their phones didn't know what they were doing." I don't think half of them feel they need to know anything other than it's cool to run apps that they were told they couldn't and that they can choose another carrier and rightly so. Everyone that purchases an iphone is not a programmer and therefore wouldn't know much tech speak, much less know the specifics of jailbreaking a phone. All they know is they are free. Why should they know anything else?

The double-standard attitude everyone* has sickens me.

When mac fans talk about Windows, the generally say how much Windows sucks because it's so easy to infect with viruses. When a computer** running OS X gets infected, it's obviously the user's fault for being dumb.

I'm sorry, but both windows and os x are very secure operating systems, it's just that users like to install things that aren't always the most safe. and if that is what makes Windows susceptible to viruses, well then it makes os x susceptible too.

*everyone being a generalization
**iPhone, mac, or otherwise

The double-standard attitude everyone* has sickens me.

When mac fans talk about Windows, the generally say how much Windows sucks because it's so easy to infect with viruses. When a computer** running OS X gets infected, it's obviously the user's fault for being dumb.

I'm sorry, but both windows and os x are very secure operating systems, it's just that users like to install things that aren't always the most safe. and if that is what makes Windows susceptible to viruses, well then it makes os x susceptible too.

*everyone being a generalization
**iPhone, mac, or otherwise

No, on Windows, there are LOADS of security exploits, and it's very easy for something to get in while you're just browsing the net.

On the Mac, the only way to get infected is if the user consciously downloads and installs something. While that's not the case with this iPhone exploit, it's still the users' fault for a) not changing the password to the most powerful account on the device and b) for not doing proper research before hacking their device.

In the same way, it'd be a Windows users' fault for getting hacked if they set up SSH and made their password "password".

i personally dont have anything against people who jailbreak. i'd do it i suppose too, but i don't really have any reason to.

what i do hope this puts a stop to is all the bashing from the new "think different" community that think it's appropriate to come out and bash us folks that don't jailbreak and tell us we are just halfwits and are allowing Apple to tell us what we want or how we should do things.

my point is that all this hacking of jailbroken iphones is exactly why apple approached the closed architecture implementation in the first place. if all these "brilliant" hackers (not meant to be offensive) aren't even capable of handling password protection then why does anyone think that an entire user base of iphone/ipod users could maturely handle keeping themselves secure and protected if the platform wasnt locked down?!

personally i think there were a lot of people out there that may have jailbroken their phones out of ignorance thinking that if they didnt they wouldnt get as much out of it. in the meantime, theyve probably not done anything too spectacular with their iphone or anything that i haven't been able to also. now they find themselves vulnerable, and dont have a clue how to deal with it and nowhere to go.

again, hack away, jailbreak your phones. i have no problem with it. im not even going to be hateful and say "you get what you deserve" because thatd be stupid and childish. why do i care and why would i want bad things to happen to you because you wanted to "think different". all i ask is that SOME people quite bashing people like myself for "conforming" to Apple's dictatorship.

Jailbreaking sucks. Hasn't Apple given everyone what they want?

Jailbreaking sucks. Hasn't Apple given everyone what they want?

No.

I know jailbreak sites try to make the process as easy and well-supported as they can, but this makes me doubt the level of expert guidance you’re really getting when you jailbreak :o I’d rather have my data security in the hands of the OS vendor (Apple) than have it in the hands of the OS vendor PLUS an informal set of hacks and experiments and scattered know-how.

Which is too bad, because aside from memory-waste and stability issues, I think it would be really cool to mod an iPhone and its UI. I modded the UI on my old iPod Photo 60, and while it may have been unnecessary, it was sure fun :) If I had an iPod Touch (and not the phone I rely on!) I might be tempted to jailbreak and mod it for a while just for the heck of it, as a hobby project.

People shouldn’t have anything against jailbreakers—what’s the harm, other than to themselves maybe? What people should object to is using jailbreaking for PIRACY purposes. That hurts all of us, but it’s not something you can assume every jailbreaker does.

Jailbreaking sucks. Hasn't Apple given everyone what they want?

Enough troll.

Jailbreaking sucks. Hasn't Apple given everyone what they want?

Do you want another laundry list of inadequacies or would a simple "no" suffice? :o

BTW, isn't this article old news? Change your SSH passwords, avoid exploits. The End.

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_1_2 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7D11 Safari/528.16)

Changed my root password just in time...

Simple solution... don't install SSH... Use PhoneView... much easier than SSH anyway...

Sorry... Mac only though... TouchCopy is for Windows users...

Phoneview is what I use. I'd rather use a GUI than the command line any day.

Jailbreaking sucks. Hasn't Apple given everyone what they want?

1. No, it doesn't.
2. No, they haven't. You can't forensically analyze an iPhone without jailbreaking it.

One of the many benefits of following rules

Jailbreaking sucks. Hasn't Apple given everyone what they want?

No.

Enough troll.

Do you want another laundry list of inadequacies or would a simple "no" suffice? :o

BTW, isn't this article old news? Change your SSH passwords, avoid exploits. The End.

No matter what Apple gives you... you'll never be happy. Just use your iPhone and be happy. There's no need to jailbreak.

No matter what Apple gives you... you'll never be happy. Just use your iPhone and be happy. There's no need to jailbreak.

Clearly you have never jailbroken before.

If nobody did any hacking, there wouldn't be any improvement.

No matter what Apple gives you... you'll never be happy. Just use your iPhone and be happy. There's no need to jailbreak.

Lol, the guy that talks endlessly about things being a pixel off is telling us theres no need to have complete control over our devices and we should just be happy.

I like being able to skin and use things like intelliscreen.

This is silly.
If you don't change you bank password, are you surprised when someone takes your money?
If this was some sort of thing that was hard to fight against, I could understand but really, having NO prior knowledge, you can change your password in about 1 minute, then you are safe. If you get hacked=your fault.

People shouldn’t have anything against jailbreakers—what’s the harm, other than to themselves maybe? What people should object to is using jailbreaking for PIRACY purposes. That hurts all of us, but it’s not something you can assume every jailbreaker does.

Agree, but you don't need to use jailbreaking for piracy purpose. Just sync in the iPhone some content (videos, songs, photos, texts) that you have obtained illegally. So, to correct your statement: "What people should object to is using iPhones for PIRACY purpose. That hurts all of us, but it’s not something you can assume every iPhone owner does."

No matter what Apple gives you... you'll never be happy. Just use your iPhone and be happy. There's no need to jailbreak.

just... wow :eek:

I know lots of jailbreakers and its never for piracy, its normal so they can access all features of the iphone, http://ipodftw.***********/imgs/********************* and also because some 3rd party software out theres is amazing!

Well, you've got to appreciate a bare-faced troll that still has staying power. :)

but it’s not something you can assume every jailbreaker does.

Hard not to ...

Just follow this tutorial - http://www.iclarified.com/entry/index.php?enid=5883 and change the password.

great .. thank you

my point is that all this hacking of jailbroken iphones is exactly why apple approached the closed architecture implementation in the first place.


I appreciate your comments and I do agree that people don't need to bash people that choose to jailbreak or choose not to jailbreak. It is your device, use it however you like. If that is jailbroken or not, I don't care. It is not your (or my) place to judge the other person's choice.

Now that being said, I do disagree with the above quoted comment. Apple implements the closed architecture to protect their market. They want their 30% of app sales and they want AT&T's (or insert local carrier here) money to stay exclusive. The main reason the phone is locked down is not security, it is money. Apple feels the closed architecture model will maximize their profits. Apple is not primarily looking out for you. They are primarily looking out for their shareholders, as they should.

There are a lot of people in the forum who would benefit if they stopped thinking Apple is some unique company that does what is best for the customer out of the goodness of their heart. They only care about their customers to the extent required to maximize profits and growth for the shareholders - no more, no less. Apple will never do anything that is good for the customer and bad for the shareholder. And they shouldn't. Apple is in this to make money. Just like every other public company. Currently, Apple is just better at making money than other companies. It was

Hard not to ...

Why is it hard not to? Do you also assume everyone that has a bit torrent client on their Mac steals movies/music? Do you assume everyone that has Handbrake on their Mac is pirating DVDs?

And if you have either of these things on your Mac, what makes you any different from a jailbreaker? Maybe you shouldn't be so quick to judge.

Eh, I'm really not worried. So far all these attacks rely on user incompetence.

Eh, I'm really not worried. So far all these attacks rely on user incompetence.

Pretty much true of all OS X threats, whether iPhone or Mac related.

Pretty much true of all OS X threats, whether iPhone or Mac related.

Yup.. Which is fine with me.. I dont intend on Jailbreaking my iPhone. As far as im concerned it doesnt bring any benefits for me. :-)

There are a lot of people in the forum who would benefit if they stopped thinking Apple is some unique company that does what is best for the customer out of the goodness of their heart. They only care about their customers to the extent required to maximize profits and growth for the shareholders - no more, no less. Apple will never do anything that is good for the customer and bad for the shareholder. And they shouldn't. Apple is in this to make money. Just like every other public company. Currently, Apple is just better at making money than other companies. It was

:confused: I know Apple is in this to make dough, but do you seriously think that's the only reason? In my opinion Apple has proven time and time again that it cares about consumer needs greatly. I don't think it would be smart for any, company to only focus on the customer though. If they would like to stick around then they better think about sales, but that can't possibly be their only agenda. If that was their only agenda, then why set themselves apart in so many ways? Why cater to niche markets? And why not sell a bunch of interchangeable garbage so every demographic could just be happy and call it a day? Apples are not pc's for a reason lol. Uh oh . . . here come the stooooooones . . :D

Just disable SSH while you're not using it...you don't need to uninstall it. If the service isn't available to connect to you are fine.

Step 1 is changing your password so that if anyone gets on it while SSH is enabled...they can't login. Not doing this is like leaving your keys in your car with the doors unlocked.

Step 2 is only using SSH when you need it, and disabling it when you don't. Not doing this is like leaving your car doors unlocked but NOT leaving the keys in your car.

Thanks, thor. I never use it anymore, so I just uninstalled it. If I ever start using it again I'll just install it and then change the root pw again.

If i never installed SSH, is my phone still vulnerable since the default password is still on!?

Lol, the guy that talks endlessly about things being a pixel off is telling us theres no need to have complete control over our devices and we should just be happy.

I like being able to skin and use things like intelliscreen.

He's just upset because there's no Cydia app to change the text in the SMS app one pixel higher.

If i never installed SSH, is my phone still vulnerable since the default password is still on!?

No, if you don't have SSH you're safe.

:confused: I know Apple is in this to make dough, but do you seriously think that's the only reason? In my opinion Apple has proven time and time again that it cares about consumer needs greatly. I don't think it would be smart for any, company to only focus on the customer though. If they would like to stick around then they better think about sales, but that can't possibly be their only agenda. If that was their only agenda, then why set themselves apart in so many ways? Why cater to niche markets? And why not sell a bunch of interchangeable garbage so every demographic could just be happy and call it a day? Apples are not pc's for a reason lol. Uh oh . . . here come the stooooooones . . :D

It is Apple's fiduciary responsibility to make decisions that are in the best interests of the stockholders.

Of course Apple can't ignore the customer completely because then they would not net sell anything. But Apple only caters to the customer to the extent they believe they need to in order to maximize value for the shareholder. That is their duty as a publicly traded company. They "set themselves apart" because they feel that is the best way to maximize shareholder value. They don't sell interchangeable garbage because they don't think that is in the best interests of the shareholders, etc.

And I'd argue they don't cater to niche markets at all. They have a relatively small assortment of products that meet the needs of most people. For example, people here have been screaming about a headless mini-tower for years, but Apple does not make one because they don't think it would be worth the investment (read: they would not make enough money). People here have been complaining about graphics cards the entire time I have been posting on this site. Apple doesn't put better cards in because they think that the sales they would gain from offering better graphics cards would not offset the cost required to put better graphics cards in every single machine.

I am not saying Apple is a bad guy in this regard. It is their duty to act this way. But Apple is not the corporate superhero some here make them out to be. Apple is not inherently good and Microsoft is not inherently evil. They are both doing what they think is best for the stockholders.

If i never installed SSH, is my phone still vulnerable since the default password is still on!?

What iPhone 62S said. Look at it this way: if SSH isn't installed, the door isn't there for hackers, etc. to try the default key in, even if you haven't yet changed the lock. That's...um...embedded...in the wall. Yeah.

When you download SSH it does tell you to CHANGE THE PASSWORD!

It's the same situation here. It's the responsibility of the owner of a device to change their passwords and make them secure.

Not according to the US Government.

Not according to the US Government.

Well I'm not in the US, and the US isn't the only country in the world.

Besides, that's not what matters. No matter what the governments say, it's still common sense not to have stupidly unsecure passwords.

This is great news for us developers. Jailbreak sucks.

I hate these losers taking credit as if they're hackers or something!!!!

I could have done it if I really wanted to (just I don't like breaking people's iPhones because I'm not a d!ckhead.)

Method...
login: root
password: alpine

most people don't check this. So if you can get them to install your software (thinking it's legit software) then you can do anything... how about just a basic terminal script that says:

rm -r *

It's no secret that if you have somebody's root password then a simple unix command (like the one above) will delete the whole thing.

Damn I shouldn't have said this!!!! The losers who made this "virus" (hardly a dangerous worm or something...) will probably copy my method because they didn't know!!

---

Why is this news? EVERYBODY knew it was possible... but most people aren't interested in breaking people's iPhones.

Most people who jailbreak know a bit more about computers...etc than your average loser, and could probably make apps... FFS not apps... SCRIPTS:

su
alpine
rm -r *

Those 3 lines are enough (I can enter them into your iPhone's terminal if you don't believe me.)

Most jailbroken users are not STUPID enough to download an app called "coolappthatgetsyoulotsofsexandfreebooze" seriously thinking it will give them sex + free booze, only to find out that it really trashes things.

---

This script (I refuse to call it a virus) is already blacklisted on cydia (you need to install a private repo to get it anyway... showing how stupid you'd have to be)... so it's unlikely that any users will be effected because when you try to install it, cydia says "this is malware... are you stupid enough to install it?"

If you say yes then you deserve to have your iPhone's data deleted...

Your analogy sucks.

It would be more appropriate to say it's like complaining that someone stole your car after you left it running in the parking lot... and you're someone who has never used a car before nor understands how it works but some car expert down the street assured you it was okay to leave it parked and running, despite what the car manufacturer has said.

This is the downside of jailbreaking. The people advocating jailbreaking are making it easy enough for people without a technical background to do it and therefore things are being left wide open like that. Go ask the average user what SSH even is and you'll get back a blank stare. And you think it's obvious that people should know better than to leave the default root password in place. :rolleyes:

If the jailbreaking community wants to keep their efforts alive and well, they should undertake and effort to educate their group and/or implement the basic safeguards in the process of jailbreaking. It seems irresponsible to do otherwise.

I agree with you to an extent .... True, if you ask the average user what SSH is they will give you the blank stare (I've had a few of these, when asked how i changed my SMS tones :rolleyes:). However, if these users don't know what SSH is, how and why would they install it on their phones.

My point is, if you know what SSH is, and then install it on your iPhone (and obviously know how to use it) ... you should know that you need to change the password to keep it secure. If they know this and still don't do it .... I think they deserve to have their iPhones screwed up. :eek:

:apple: KrayzieKray :apple:

So now you know why it only spreads in Australia and not worldwide: It requires physical proximity because of WiFi!

Anyway, I don't think this really matters, since users who jailbroke their iPhone modified the software in a way that can produce unexpected results, since it has not been tested by Apple.

Hacking stuff has risks! But I don't think it's a big deal, I don't think people store important information on their iPhone anyway, unless they're dumb enough to put password reminders in Notes, or maybe top secret emails... What could a hacker want with people's iPhone data? Prank call people? Come on!

*tap tap*

Ok I give up. Can someone tell me if my sarcasm meter is totally broken?

This has nothing to do with jailbreak, it is about users who install SSH and choose to leave the default password for their own convenience. This announcement is designed to scare people like you into not jailbreaking and getting every app for free which sounds like it has :p.
While it is about people who install SSH, the other common factor is that they also jailbreak. When there's a story about a non-jailbreak phone that got the malware, feel free to use this rant.

True, if you ask the average user what SSH is they will give you the blank stare (I've had a few of these, when asked how i changed my SMS tones :rolleyes:). However, if these users don't know what SSH is, how and why would they install it on their phones.
It's called the power of google. Those users with the blank stares only care about the SMS tones. So they google it. They'll follow the directions and won't give a second thought to what program they used to get their SMS tones. In the meanwhile, their phone gets infected and they'll have no idea why.

This is EXACTLY why I did not jailbreak my iPhone when I first bought it over a year ago. Security. :apple:

Your analogy sucks.
...
This is the downside of jailbreaking. The people advocating jailbreaking are making it easy enough for people without a technical background to do it and therefore things are being left wide open like that. Go ask the average user what SSH even is and you'll get back a blank stare. And you think it's obvious that people should know better than to leave the default root password in place. ...


You sound like someone who hasn't ever jailbroken an iPhone. What you're overlooking is that a jailbroken iPhone doesn't come with SSH by default. You have to launch Cydia (which has a menu item on changing your passwords) and then from that install SSH.

Instead of asking the average user what SSH is, a better question may be why did you install it, and how did you manage to ignore the warning to change your passwords?

The frustration here is that hacking of ANY computer via SSH because of a default password, or easy to guess or lookup password is always an issue if you install SSH or like the Mac, already have it installed (but off by default).

And, if security is your primary concern, you do in fact want to jailbreak your iPhone simply so that you can change your root and mobile passwords from the default. Jailbreaking is the only way to do this and it does provide an extra layer of security in this regard.

This is not at all fair

More reasons to not jailbreak, and if you do, be very careful. Lots of articles popping up online in the past week or so about jailbroken devices being hacked. Go official firmware, you keep the rest of us safe and sound!

You sound like someone who hasn't ever jailbroken an iPhone. What you're overlooking is that a jailbroken iPhone doesn't come with SSH by default. You have to launch Cydia (which has a menu item on changing your passwords) and then from that install SSH.

Instead of asking the average user what SSH is, a better question may be why did you install it, and how did you manage to ignore the warning to change your passwords?

The frustration here is that hacking of ANY computer via SSH because of a default password, or easy to guess or lookup password is always an issue if you install SSH or like the Mac, already have it installed (but off by default).

And, if security is your primary concern, you do in fact want to jailbreak your iPhone simply so that you can change your root and mobile passwords from the default. Jailbreaking is the only way to do this and it does provide an extra layer of security in this regard.

YOU are the one who sounds like someone who hasn't ever jailbroken an iPhone. By default, SSHing into your iPhone won't work. Jailbreaking and installing the SSH app allows SSH connections to come through, thus you can SSH to the iPhone's IP address and password 'alpine'. So please, do your research beforehand and know what you are talking about.

YOU are the one who sounds like someone who hasn't ever jailbroken an iPhone. By default, SSHing into your iPhone won't work. Jailbreaking and installing the SSH app allows SSH connections to come through, thus you can SSH to the iPhone's IP address and password 'alpine'. So please, do your research beforehand and know what you are talking about.

You clearly didn't read his/her post. Your previous scaremongering post about jailbreaking also leads me to believe you either have a poor understanding of comprehension or you are trolling.

...beside is way more fun to JB and play around my JB iPhone than to play with 99% of the over 50,000 games distributed in the App Store.

I hate these losers taking credit as if they're hackers or something!!!!

I could have done it if I really wanted to (just I don't like breaking people's iPhones because I'm not a d!ckhead.)

Method...
login: root
password: alpine

most people don't check this. So if you can get them to install your software (thinking it's legit software) then you can do anything... how about just a basic terminal script that says:

rm -r *

It's no secret that if you have somebody's root password then a simple unix command (like the one above) will delete the whole thing.

Damn I shouldn't have said this!!!! The losers who made this "virus" (hardly a dangerous worm or something...) will probably copy my method because they didn't know!!

---

Why is this news? EVERYBODY knew it was possible... but most people aren't interested in breaking people's iPhones.

Most people who jailbreak know a bit more about computers...etc than your average loser, and could probably make apps... FFS not apps... SCRIPTS:

su
alpine
rm -r *

Those 3 lines are enough (I can enter them into your iPhone's terminal if you don't believe me.)

Most jailbroken users are not STUPID enough to download an app called "coolappthatgetsyoulotsofsexandfreebooze" seriously thinking it will give them sex + free booze, only to find out that it really trashes things.

---

This script (I refuse to call it a virus) is already blacklisted on cydia (you need to install a private repo to get it anyway... showing how stupid you'd have to be)... so it's unlikely that any users will be effected because when you try to install it, cydia says "this is malware... are you stupid enough to install it?"

If you say yes then you deserve to have your iPhone's data deleted...
WTF man i read this thread on my l33t h4x3d iPh0n3 and now its bricked, omg!!!11!!eleven! your virus pwn3e|> me :mad:

OK, i need to take my meds now....

Common sense, thank dog its long dead. :rolleyes:
Change all default passwords BEFORE putting the system online
Don't run services/process you don't need
Understand what each service/process is that is running

Originally Posted by Gasu E.
Not me. I always change the default password to the name of my dog, Admin.

Hah! :) Me too. Except I don't have a dog. So I leave the password blank..
Me too,
But with all the passwords i have to change on a weekly basis I have started doing the same to my Dog. Now we are both confused.
.
Now he answers to...
Admin, God, TrustNo1, jesus, password, qwerty, ,monkey("My Key" in french), love, 12345678, princess, letmein, master, internet, whatever, starwars, matrix, superman and football.
>;p

Jailbreaking sucks. Hasn't Apple given everyone what they want?
HaHaHahahaha I'm still waiting far a MATTE screen order option for an iMac .
I'd write a list but i binned the first one while waiting for MMS on my iPhone.. Oh... and changeable SMS Tones.

HAHAHAHAHA!!! Ha.

No offense, but why is the "news" here always a day late?

Anyway, this is kind of common sense people. It's like many software installations that provide a default password; when you install a wireless router in your home, do you keep that default admin password? If you do, I feel for you and for the future of your gene recipients.

While I agree with you, the interesting thing about this exploit to me is that these are devices which are not behind NAT routers or firewalls (unlike many home computers these days), and to which you do not need to be in close physical proximity (like a wireless router).

Plus, these devices have unique hardware (GPS, digital compass) that could be used to invade privacy in a way not possible with most other hardware which is online these days. Imagine a backdoor on your phone that let somebody track every where you go, could even tell what direction you were currently looking in.

And since iPhones are very likely to traverse multiple, physical networks, the "virality" of this worm has a whole new dimension.

There is nothing positive about this news at all. Though I am not surprised that the righteous immature fanbois here are voting this as positive, get a life honestly!. How can you consider this to be good? We are talking about peoples personal information being stolen through an exploit.

Also drop the righteous BS about users that have not changed their default password deserve this, the reality is that the average iphone user has no idea what SSH is. I hope you realize that a very large group of these jailbreakers are huge apple fans, and they have jailbroken their phones to unlock them. This is the group of Apple fans who have gone out of their way to get an iphone in countries where Apple has not setup their bloody $$$$ exclusive carriers. Fans that have gone out of thier way to get an iphone and have paid extra for them, early adopters that gave apple free publicity around the world. These same people would have bought their phones unlocked, knowing nothing about the process of jailbreaking, and now might get screwed over.

It was Apples own damn greed that created the unlocking community. If your from the States, well awesome for you, but outside of the states there are alot of diehard Apple fans that went out of their way to get iphones early, they did not deserve this! For the ones with some tech knowledge, they can protect themselves, though alot are going to get screwed.

This is EXACTLY why I did not jailbreak my iPhone when I first bought it over a year ago. Security. :apple:

Lol, there is nothing hard about changing your password. Do that and no one can touch you.

In fairness, while I knew about the default "alpine" password many, many moons ago, and I don't have SSH installed on my iPhone anyway, I've not seen too many people with "free car" signs on their cars, and yet these exploits on the iPhone do actually seem to be attracting targets. So you can conclude that many jailbreak users are idiots. Fine. But the fact remains that there are vulnerable people out there....

aside from the "jailbreakers are idiots" why bother posting the rest?

you buy a closed system, knowing full well it is closed, break it, and then the security is bad? shocking!

And it's really Apple, trying to get people to not Jailbreak :p.

If you jail break, either change thebdefault password that the apple techs would use or turn off ssh.

After being with AT&T for almost 10 years, i jail broke my phone last month now I have teethering which I've only used twice just to see how well it worked and it was faster than my wifes moms dsl. But the coolist things are the utlilities kr flash player. Free Tom Tom. Video in non 3gs phones, quick swipe, mem free apps, other gps nav free apps plus hundereds more.

But the best is gv mobile. You add that number to a list and all calls made via that number are free. Also the reason I jail broke it. Plus of course texts of voice mails and controlling any phone to ring when that number is called.

Peace.

And how it's malware? It's not malware, it's punisment for idiots.
Yeah... for the IDIOTS that can't spell!

In order to fall victim to this worm you'd have to do the following:

1. Be so technically savvy as to have the inclination to install OpenSSH to remote access your iPhone from a command line. (A shockingly small minority within a minority of owners)

2. Be somehow that technically savvy yet, at the same time be so technically inept as to forget to set a password.

3. Seek out or stumble into the same LAN as your attacker does right at the time he decides to start looking for iPhones to hack.

4. Somehow indicate to him that you have a jailbroken iphone so he can get out his and scan yours for goodies.

5. Stick around long enough for him to download all your stuff.

By my reading you'd have to be the world's biggest dumb*** to fall for this. More security firm (maybe Apple?) FUD....If you are installing things on your iphone and you dont want to play in Apple's sandbox, know what you are doing. Otherwise, you deserve what you get.

Gah!

/endrant


PS- I read the forums and site a lot but this got me so hacked off I signed up just to reply....

It's called the power of google. Those users with the blank stares only care about the SMS tones. So they google it. They'll follow the directions and won't give a second thought to what program they used to get their SMS tones. In the meanwhile, their phone gets infected and they'll have no idea why.

Fair enough, but I still stick to the fact that if you install SSH (or any other app for that matter), it is your responsibility to know what it is, and how to use it.

So simply following directions and installing a software on your phone (just because a guy (usually between the age of 16-18) on YouTube says so) and not giving a second thought to what you have just done, in my eyes, is a disaster waiting to happen ... and should anything go wrong ... I believe it is the sole responsibility of your negligence. (not talking about you :))

:apple: KrayzieKray :apple:

In order to fall victim to this worm you'd have to do the following:

1. Be so technically savvy as to have the inclination to install OpenSSH to remote access your iPhone from a command line. (A shockingly small minority within a minority of owners)

2. Be somehow that technically savvy yet, at the same time be so technically inept as to forget to set a password.

3. Seek out or stumble into the same LAN as your attacker does right at the time he decides to start looking for iPhones to hack.

4. Somehow indicate to him that you have a jailbroken iphone so he can get out his and scan yours for goodies.

5. Stick around long enough for him to download all your stuff.

By my reading you'd have to be the world's biggest dumb*** to fall for this. More security firm (maybe Apple?) FUD....If you are installing things on your iphone and you dont want to play in Apple's sandbox, know what you are doing. Otherwise, you deserve what you get.

Gah!

/endrant


PS- I read the forums and site a lot but this got me so hacked off I signed up just to reply....

So true ... so true. My views exactly!

:apple: KrayzieKray :apple: