Malicious iPhone Worm Hitting SSH Users ➝

It should come as no surprise that iPhone jailbreakers who turn on SSH and don’t change the default password are at risk.

Chester Wisniewski regarding the worm:

It configures two startup scripts, one to execute the worm on boot-up, and the other to create a connection to a Lithuanian server (HTTP) to upload stolen data and cede control to the bot master. Security.nl also says that the worm changes the root password from the default of “alpine” that Apple set in the factory firmware, making it more difficult for users to secure their devices. The recommended method to remove this malware from your iPhone is to restore the Apple factory firmware using iTunes.

Remember that the only users at risk are those who have jailbroken their devices, turned on SSH, and neglected to change its default password.

The Loop spoke with Apple spokesperson Natalie Harrison about the worm:

The worm affects only a very specific set of iPhone users who have jail broken their iPhones and hacked it with unauthorized software. As we’ve said before, the vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably.

I happen to agree with Natalie. I jailbroke my iPod touch a month ago and ended up restoring its firmware because of the increase in crashes. But in the meantime, I spent a couple of days playing around with all the jailbreak apps. During that time I came to one conclusion: aside from tethering, the only reason to jailbreak your device is to pirate App Store apps. Because of that, I find it difficult to support those who jailbreak their device.