MarkMS

macrumors 6502a
Original poster
Aug 30, 2006
992
0
Just saw this and wanted to let you all know.

Here is a quick excerpt from ModMyiFone. Just want people to know before they mess up their iPhone. I can't test this out, since I don't "hack" my iPhone, but I think this is why Apple wants the security measures before they release the SDK in Feb. This is how one bad person can ruin an experience.

It has come to my attention that the people responsible for the JMCO source jmwiki.com have internially created a malicious source with the sole intention of mucking up people's iPhones.

This source adds an app in installer that pretends to be an update of erica's utilities. The app appears in installer as 113 prep.

Once installed all this app does is it says "shoes." When uninstalled this app removes a lot of files from the /bin directory on the iphone, breaking valid apps like sendfile and other erica utilities.

ModMyiFone recommends that you DO NOT install 113 prep. We further recommend that you abandon the use of the JMCO source and remove it from your installer app.

It is a shame to see that people in our community are set on causing problems for others, their actions are not admirable.

Help us get out the word to everyone as quickly as possible and Digg This
 

ascham87

macrumors regular
Jul 1, 2007
125
0
Chicago, Illinois
I am surprised it took this long for something like this to happen. This is why I long for an official SDK, but with the amount of apps that Installer.app has..sigh...only in a perfect world I guess :(
 
Comment

jav6454

macrumors P6
Nov 14, 2007
17,197
2,239
1 Geostationary Tower Plaza
Just saw this and wanted to let you all know.

Here is a quick excerpt from ModMyiFone. Just want people to know before they mess up their iPhone. I can't test this out, since I don't "hack" my iPhone, but I think this is why Apple wants the security measures before they release the SDK in Feb. This is how one bad person can ruin an experience.

And to think it was all caused by an 11 year-old boy. *sigh* The world ain't the one when 11 year olds watched for porn instead of ruinning people's devices. *sarcasm*
 
Comment

1rottenapple

macrumors 68040
Apr 21, 2004
3,892
2,007
Is modmyifone working again? When I go there, it still reports that it can't find the server.
 
Comment

Consultant

macrumors G5
Jun 27, 2007
13,313
33
Thanks for the heads up.

Well, a classic case of trojan. But in this day and age, most people should be smart enough not to install something unless it's confirmed by the community.

Whoever responsible should be put in jail, preferably in the same cell as OJ.
 
Comment

pacohaas

macrumors 6502a
Jan 24, 2006
516
3
I am surprised it took this long for something like this to happen. This is why I long for an official SDK, but with the amount of apps that Installer.app has..sigh...only in a perfect world I guess :(
an SDK doesn't necessarily mean a limited number of "approved" apps. Look at all the stuff apple has approved for their webapps directory.
 
Comment

Eraserhead

macrumors G4
Nov 3, 2005
10,433
12,251
UK
an SDK doesn't necessarily mean a limited number of "approved" apps. Look at all the stuff apple has approved for their webapps directory.

I think the iPhone will only support applications from the directory, ala the Apple webapps directory.
 
Comment

pacohaas

macrumors 6502a
Jan 24, 2006
516
3
yeah, and look how much crap is on there, but (hopefully) no malicious software. I'm just saying, it doesn't seem to take much for apple to "approve" something for the iPhone.
 
Comment

MacRumors

macrumors bot
Apr 12, 2001
54,191
16,008
First iPhone Trojan?

https://www.macrumors.com/images/macrumorsthreadlogodarkd.png

Earlier this week, a third party package named "iPhone firmware 1.1.3 prep" became available via Installer.app. ModMyiPhone.com was first to identify it as malicious, and F-Secure later confirmed the low-risk threat.

The trojan installation package contains false application installation information that causes legitimate third party applications to be removed if the trojan is uninstalled from the iPhone.

The package was quickly removed from distribution after identification of malicious characteristics. Additionally, F-Secure states that the author was an "11-year-old kid playing with XML files." F-Secure warns that a more experienced coder could have done more damage.

Security will be one of the top concerns of Apple's upcoming SDK, as Steve Jobs had alluded to Nokia's system of digitally signing applications.

Nokia, for example, is not allowing any applications to be loaded onto some of their newest phones unless they have a digital signature that can be traced back to a known developer. While this makes such a phone less than "totally open," we believe it is a step in the right direction. We are working on an advanced system which will offer developers broad access to natively program the iPhone’s amazing software platform while at the same time protecting users from malicious programs.

Article Link
 
Comment

Metatron

macrumors 6502
Jul 2, 2002
382
79
Great...11 year old hackers. I don't know any 11 year old that can "play" with XML files, build a package, and then properly submit it.
 
Comment

puckhead193

macrumors G3
May 25, 2004
9,410
699
NY
Great...11 year old hackers. I don't know any 11 year old that can "play" with XML files, build a package, and then properly submit it.
dam when i was 11 i barely knew my multiplication tables non the less XML. :p jeez it soon should be manadtory for kids to join an outside sport league or activity.
 
Comment

walnuts

macrumors 6502a
Nov 8, 2007
535
167
Brooklyn, NY
Doesn't anything truly dangerous going to have to break both the phone and iTunes? I'm no programmer, but it seems to me that the iPhone was designed such that if anything goes wrong, you could relatively easily just restore it (both completely or from backups made already from iTunes). There would be nothing lost by wiping the phone clean and starting over again.

I guess the worst thing that could happen is that info from your contact list or your e-mail could be given out, but that isn't terrible. Rather, I guess its better than losing work or expensive software.
 
Comment

erandall38

macrumors 6502
Jun 24, 2007
458
0
Doesn't anything truly dangerous going to have to break both the phone and iTunes? I'm no programmer, but it seems to me that the iPhone was designed such that if anything goes wrong, you could relatively easily just restore it (both completely or from backups made already from iTunes). There would be nothing lost by wiping the phone clean and starting over again.

I guess the worst thing that could happen is that info from your contact list or your e-mail could be given out, but that isn't terrible. Rather, I guess its better than losing work or expensive software.

Was thinking the same thing.... anyone have any liable insight on this?
 
Comment

djgamble

macrumors 6502a
Oct 25, 2006
901
391
Yeah sorry I'm not sold on it being an 11 year old or that someone else could have easily done something much worse.

Playing with xml files... well I'm a web developer and have used a lot of xml, I did a bachelor's degree and a master's where I learned such things; and also program a lot of educational resources using xml so I would call myself a professional.

I'm hard pressed to believe this was an 11 year old for 2 reasons:
1) iPhones are damn expensive, what is an 11 year old doing with an iPhone?
2) I work with xml every day in a professional environment and can't see how I'd be able to trash an iPhone using xml.
3) xml is a type of database, not a programming language. I'd be impressed if an 11 year old could get an rss feed going using an xml database let alone hack an iPhone using it (apparently).

Okay so most people with installer.app have root access enabled and have not changed their root password, yes I think people could make software that hacks the iPhone quite easily, but to me this was never a serious threat.

It was an experienced programmer who made it and it was removed from the respiratory less than an hour after being posted so is no longer available. Also it only effects people who have hacked their iPhones against Apple's wishes so does not highlight an underlying problem in Apple's programming.

(sorry, it just wasn't an 11 year old... the rationale is like saying that some 11 year old was fiddling with excel and somehow created a trojan, and it skips the step where they must have used some kind of programming language in order to make the hack and package it up).
 
Comment

pacohaas

macrumors 6502a
Jan 24, 2006
516
3
Was thinking the same thing.... anyone have any liable insight on this?

The same could be said for a Windows PC with a proper backup. So what if you get a virus? Just reformat and restore your backups. In reality this is a much bigger problem than it may seem, which is why we have anti-virus software and don't click on links that seem sketchy. Reformatting and restoring to get rid of a virus is a pain.
 
Comment

chr1s60

macrumors 68000
Jul 24, 2007
1,993
1,588
California
I think the iPhone will only support applications from the directory, ala the Apple webapps directory.

I have no problem with this. Sure, there may not be as many apps right away, but if the iPhone were to just open up to any 3rd party app from any random place, you could bet that this type of thing would not be as rare as it currently is.
 
Comment

walnuts

macrumors 6502a
Nov 8, 2007
535
167
Brooklyn, NY
The same could be said for a Windows PC with a proper backup. So what if you get a virus? Just reformat and restore your backups. In reality this is a much bigger problem than it may seem, which is why we have anti-virus software and don't click on links that seem sketchy. Reformatting and restoring to get rid of a virus is a pain.

Yes but restoring a PC is a totally different animal than restoring the iPhone. I've done it twice alreadyIf you haven't hacked it, it takes 15 minutes to reinstall the software and then maybe a half and hour to put all of your content back on. Furthermore, nearly the whole process, from the iTunes backup all the way through resyncing the content is automated. There's no restoring data, finding reinstall discs and passwords. Heck, reinstalling one app on a pc probably takes just as long as restoring the iPhone.
 
Comment

cazlar

macrumors 6502
Oct 2, 2003
492
11
Sydney, Australia
It was an experienced programmer who made it and it was removed from the respiratory less than an hour after being posted so is no longer available. Also it only effects people who have hacked their iPhones against Apple's wishes so does not highlight an underlying problem in Apple's programming.

(sorry, it just wasn't an 11 year old... the rationale is like saying that some 11 year old was fiddling with excel and somehow created a trojan, and it skips the step where they must have used some kind of programming language in order to make the hack and package it up).

I think what is being misunderstood by most people is that there was no "trojan" code being programmed so to say. What instead has happened is that he had taken an existing xml description of an Installer.app package (from STE I believe), and changed its name to something people would be interested in installing (a 1.1.3 prep package in this case). I'm not sure what else he changed, it popped up a stupid phrase I think, but the point is that he left the uninstall instructions for Ericas utilities still in the xml. And then made a repository (not that hard, instructions are available) and convinced people to download it. When these folks decided it was useless/fake, they hit uninstall, and as well as deleting itself, it took Erica's utilities with it.

So, not a trojan. Just a really really dumb prank with unexpected (but not disastrous) consequences. He probably didn't realise leaving the uninstall stuff would cause problems. Exactly what I'd expect from a kid who was playing around with an xml file and thought that'd be great fun.

It does show that as great as the current third-party apps are, there is a potential to do some damage if you use untrusted sources (as many of them are).

I'd love to have been around and seen what ensued after STE rang his dad though...
 
Comment

ert3

macrumors 6502a
Dec 10, 2007
802
0
It was bound to happen.

Hopefully Apple's protection will go farther than the "This App was downloaded from the web" reminder.

In the end of this scatered thought I would just like to hope that the iPhone does not become a tool for viruses to jump from your phone to your mac and that we don't see the iPhone become so full of security holes that eventually we get Norton-iMobile edition or the like.
 
Comment

matticus008

macrumors 68040
Jan 16, 2005
3,330
1
Bay Area, CA
Hopefully Apple's protection will go farther than the "This App was downloaded from the web" reminder.
It does already. A stock iPhone is not vulnerable to this little prank.

This is the consequence of hacking your phone to execute arbitrary code. This is the consequence of an uncontrolled community. You've got to take the good with the bad--everyone complaining about Apple closing the hacks and the developer community needing to find another way in can now be pointed quite plainly to an example for why.

All in all, this isn't terribly harmful, and it's not self-propagating and people would have to install this voluntarily, so only the lazy and the ignorant will be affected. If you want to jailbreak your iPhones, you should be prepared to take responsibility for its security and that involves not installing mysterious packages with no web presence on the well-trafficked sites.
 
Comment

longofest

Editor emeritus
Jul 10, 2003
2,875
1,532
Falls Church, VA
Doesn't anything truly dangerous going to have to break both the phone and iTunes? I'm no programmer, but it seems to me that the iPhone was designed such that if anything goes wrong, you could relatively easily just restore it (both completely or from backups made already from iTunes). There would be nothing lost by wiping the phone clean and starting over again.

I guess the worst thing that could happen is that info from your contact list or your e-mail could be given out, but that isn't terrible. Rather, I guess its better than losing work or expensive software.

Was thinking the same thing.... anyone have any liable insight on this?

Remember that not all Trojans aim to simply mess up your iPhone's installation. Another form of a Trojan could appear as a valid and useful program, but in the background, it could be sending all of your contact data and email addresses to bad people.
 
Comment

CyberGreg

macrumors regular
Jan 2, 2004
135
0
SoCal
...
So, not a trojan. Just a really really dumb prank with unexpected (but not disastrous) consequences. He probably didn't realise leaving the uninstall stuff would cause problems. Exactly what I'd expect from a kid who was playing around with an xml file and thought that'd be great fun.
...

100% correct and spot on....

Nothing to see here.... move along...
:cool:
 
Comment

ethernet76

macrumors 6502a
Jul 15, 2003
501
0
Yeah sorry I'm not sold on it being an 11 year old or that someone else could have easily done something much worse.

Playing with xml files... well I'm a web developer and have used a lot of xml, I did a bachelor's degree and a master's where I learned such things; and also program a lot of educational resources using xml so I would call myself a professional.

I'm hard pressed to believe this was an 11 year old for 2 reasons:
1) iPhones are damn expensive, what is an 11 year old doing with an iPhone?
2) I work with xml every day in a professional environment and can't see how I'd be able to trash an iPhone using xml.
3) xml is a type of database, not a programming language. I'd be impressed if an 11 year old could get an rss feed going using an xml database let alone hack an iPhone using it (apparently).

Okay so most people with installer.app have root access enabled and have not changed their root password, yes I think people could make software that hacks the iPhone quite easily, but to me this was never a serious threat.

It was an experienced programmer who made it and it was removed from the respiratory less than an hour after being posted so is no longer available. Also it only effects people who have hacked their iPhones against Apple's wishes so does not highlight an underlying problem in Apple's programming.

(sorry, it just wasn't an 11 year old... the rationale is like saying that some 11 year old was fiddling with excel and somehow created a trojan, and it skips the step where they must have used some kind of programming language in order to make the hack and package it up).

At 11 I could program at a sophomore in college level.

Some people's can grasp computer languages even at early ages.

I remember some Y2K stories about the state's computers being fixed by 13-year olds.
 
Comment

AutumnSkyline

macrumors regular
Oct 5, 2006
219
0
dam when i was 11 i barely knew my multiplication tables non the less XML. :p jeez it soon should be manadtory for kids to join an outside sport league or activity.

Some kids don't like sports, or after school activities. I never liked any sport, or after school activity until they introduced DDR and some schools don't have cool alternatives like that, so many students like myself, opted for Computers.:apple:
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.