Anyone experience Virus/Malware attacks after JB

[flavouringlife]

Just read and article and realised the Ikee Virus.

"..hacking a phone can leave it open to attacks from viruses and other malware. These included the Ikee virus, a worm Called Duh and most recently , tainted PDF documents that allowed access to the phone’s software..."
*link deleted

Have anyone experience this or heard any? Is a myth or truth?

 

[moussekateer]

Ikee and Duh were worms that infected iPhones that met the following conditions. 1) They were on the same wifi network. 2) They had SSH installed and turned on. 3) The default password was left unchanged.

The PDF exploit was one of the exploits used in the jailbreakme.com jailbreak. Everyone pre 4.0.2 was vulnerable, jailbroken or not. Someone could use it to write a malicious payload but as long as you're on 4.0.2 or you've installed the PDF patch from Cydia you're immune.

 

[crawfish963]

Pretty irrelevant issue IMO. Like the previous poster said, too many requirements for it to happen to make it possible. Eventually 4.1 will be out and then jailbroken and it won't matter anyways.

 

[Hemmo]

who keeps ssh on ? who dosent change ssh password!? wooot!

 

[dhlizard]

who keeps ssh on ? who dosent change ssh password!? wooot!

More than you imagine.

Same group of people who jailbreak, but won't save hashes (too much effort to do it or read anything about it ?)

 

[D1G1T4L]

who keeps ssh on ? who dosent change ssh password!? wooot!

Keeping SSH on can be a good thing if you have problems.

 

[kAoTiX]

Ignorance is bliss.

If the PDF exploit were on a mac (which it was/is) or a windows PC for instance, people would be all over it. There would be worms exploiting it left right and center.

Just because people see an iPhone as more of a closed device doesnt mean it is not a target for such attacks.

Lets be fair, if jailbreakme didn't have a 'slide to jailbreak' it could have been executed without any interaction from the user and comex could have jailbroken peoples iPhones willy nilly.

 

[ViViDboarder]

Keeping SSH on can be a good thing if you have problems.

Exactly. I always keep SSH on. I just make sure I change my passwords. SSH is pretty strong and there are only rare occasions that an unauthorized login will even be attempted. Heck, my home servers have SSH running 24/7! Not that you know the valid usernames or passwords or even the domain.

 

[thep33t]

I read first line (after adjusting my eyes to that god-awful site,) saw something about bricking the phone, LOL'ed, and closed the tab.

 

[Cinemagic]

Change the SSH password - as has been posted everywhere - and on Cydia, plug the PDF exploit and you're good to go.

 

[doboy]

who keeps ssh on ? who dosent change ssh password!? wooot!

SSH turns on automatically when you reboot, but not when respring. Little irritating.

 

[dgstan]

SSH turns on automatically when you reboot, but not when respring. Little irritating.

I'm surprised there's not a utility that will turn it off automatically if it's not in use.

 

[ViViDboarder]

I'm surprised there's not a utility that will turn it off automatically if it's not in use.

If it's off it's impossible to be in-use...

The daemon sits sleeping until there is an incoming authentication on the port. When that happens the server fires up and attempts to authenticate.

Basically, if you change your password there is no reason to turn off SSH. If your springboard gets thrown into a re-spring loop, it's nice to be able to SSH in when you're home (assuming you left Wifi on).

 

[TMar]

Those who don't know and can't do.. Blog!

 

[maturola]

Ikee remind me of Michelangelo virus back in the day Good times!

 

[gatearray]

Fraudulently linking to your own blog???

Is this against the forum rules? If not, it should be.

The OP posted such an innocent sounding question, preceded by a quote from himself taken from his own "flavouringlife" blog as if he read it from a newsworthy source and it really got him thinkin' or something. I checked history and saw another thread he started, predictably linking to his own blog, as well.

For the reference of future trolls, it might be a better idea to make your forum name different than the name of the "blog" you'll be constantly linking to. I have to say that you did learn some cool jailbreak buzzwords from reading this forum a bit, though. "Bricked"...

Although even funnier is to read the subsequent posts harshly bashing the blog's writer's skills and knowledge, completely ignoring the fact that the author is the OP himself!

 

[moussekateer]

Is this against the forum rules? If not, it should be.

The OP posted such an innocent sounding question, preceded by a quote from himself taken from his own "flavouringlife" blog as if he read it from a newsworthy source and it really got him thinkin' or something. I checked history and saw another thread he started, predictably linking to his own blog, as well.

For the reference of future trolls, it might be a better idea to make your forum name different than the name of the "blog" you'll be constantly linking to. I have to say that you did learn some cool jailbreak buzzwords from reading this forum a bit, though. "Bricked"...

Although even funnier is to read the subsequent posts harshly bashing the blog's writer's skills and knowledge, completely ignoring the fact that the author is the OP himself!

Oops how did we miss that, nice catch. I consider it very unethical to mislead people into visiting your blog to get pageviews. He asks a question that he's answered himself on his blog. I think his post should be deleted in light of this.

 

[flavouringlife]

Is this against the forum rules? If not, it should be.

The OP posted such an innocent sounding question, preceded by a quote from himself taken from his own "flavouringlife" blog as if he read it from a newsworthy source and it really got him thinkin' or something. I checked history and saw another thread he started, predictably linking to his own blog, as well.

For the reference of future trolls, it might be a better idea to make your forum name different than the name of the "blog" you'll be constantly linking to. I have to say that you did learn some cool jailbreak buzzwords from reading this forum a bit, though. "Bricked"...

Although even funnier is to read the subsequent posts harshly bashing the blog's writer's skills and knowledge, completely ignoring the fact that the author is the OP himself!

So sorry if i break the rules or offended you by posting something you dod't like. I just try to share some article i read and not in the net. I can type here but is long article, will not post anything to share in this blog again if that is the restriction. But before that, this is really some info coming after i post the article. Click to see if this is the real Virus attack? (this link is not my Blog)

 

[moussekateer]

So sorry if i break the rules or offended you by posting something you dod't like. I just try to share some article i read and not in the net. I can type here but is long article, will not post anything to share in this blog again if that is the restriction.

It's not about whether we like the content or not. It's that you passed it off as an article you had come across when it was in fact your very own blog.

Just read and article and realised the Ikee Virus.

 

[thelatinist]

(this link is not my Blog)

No, it's a thread that links to your blog. It's still shameless linkspam.

 

[gatearray]

So sorry if i break the rules or offended you by posting something you dod't like. I just try to share some article i read and not in the net. I can type here but is long article, will not post anything to share in this blog again if that is the restriction. But before that, this is really some info coming after i post the article.

Share some article you read???

What on earth are you talking about flavouringlife of the infamous flavouringlife blog? You wrote that article, do you mean "that you proof-read" it and wanted to share? Sheesh...

You really must think we are all stupid, or something, but the jig is up!

EDIT: I'm sorry, maybe you meant "write" instead of "read" in your reply. If English is not your native language and you're a little confused, my apologies, but it's still not cool to post linkbait around here.

 

[flavouringlife]

Share some article you read???

What on earth are you talking about flavouringlife of the infamous flavouringlife blog? You wrote that article, do you mean "that you proof-read" it and wanted to share? Sheesh...

You really must think we are all stupid, or something, but the jig is up!

EDIT: I'm sorry, maybe you meant "write" instead of "read" in your reply. If English is not your native language and you're a little confused, my apologies, but it's still not cool to post linkbait around here.

It is an article that source from Harald Sun i read in local news paper. And that is what i mean in my reply. Don't assumed if you are not sure.
Finally, i have deleted the link and once again if this offended the rules, my sincere apologies. (Lesson learned, will not post again)

 

[Marky]

Wow, that was a terrible blog to read (and on my eyes). Ikee and Duh were worms that infected iPhones that met the following conditions. 1) They were on the same wifi network. 2) They had SSH installed and turned on. 3) The default password was left unchanged.

Apologies for what is certainly a stupid question, I researched it just after Jailbreaking but I just have some nagging doubts.

I haven't specifically downloaded via Cydia or Rock any app/code etc called SSH or SSH settings or anything like that. I therefore have no need let alone capability of changing the default password as I don't have SSH installed.

Correct? Or have I completly mis-understood how this SSH thing works?

For info only J/B apps loaded are Cydia, Rock, MyWi, Bite Sms, Cyntact, iBlacklist, WiFi sync, the PDF Patch and intelliscreen.

There is nothing in Manage in Cydia for example that goes by the name SSH.

Again apologies if I'm being stupid but just want to obliterate those nagging doubts.

Kind regards
Mark

 

[ViViDboarder]

Just change your password anyway. Even if you don't have ssh installed.

Download MobileTerminal and follow the same steps on your phone.

As for the OP... That link you posted to the other forum was just you spreading more FUD!

Jailbroken phones are not more vulnerable to the PDF exploit. The exploit is only USED to jailbreak phones.

 

[moussekateer]

Apologies for what is certainly a stupid question, I researched it just after Jailbreaking but I just have some nagging doubts.

I haven't specifically downloaded via Cydia or Rock any app/code etc called SSH or SSH settings or anything like that. I therefore have no need let alone capability of changing the default password as I don't have SSH installed.

Correct? Or have I completly mis-understood how this SSH thing works?

For info only J/B apps loaded are Cydia, Rock, MyWi, Bite Sms, Cyntact, iBlacklist, WiFi sync, the PDF Patch and intelliscreen.

There is nothing in Manage in Cydia for example that goes by the name SSH.

Again apologies if I'm being stupid but just want to obliterate those nagging doubts.

Kind regards
Mark

You don't have SSH installed. But to be honest you're better off installing SSH and changing the passwords. SSH is super useful for fixing problems that may arise with your phone, where the only alternative would be to restore every time.