TechStuff
Navigate today's cutting-edge technology with the gurus from HowStuffWorks.
New iPhone Worm Means Business
by Chris Pollette | November 23, 2009
Mobile devices aren’t usually the first targets you might think of when it comes to viruses, worms and Trojans. In fact, you could probably be forgiven for not knowing they exist at all. But I think that the recent popularity of smart phones with the consumer market may bring with it an interest in programming malware for those devices, as well.
And for a hacker who wants to make his or her mark on the consumer smart phone world, what better place to start than with the little machine that helped start the whole craze? Though certainly not the first smart phone, Apple’s iPhone was arguably the first smart phone that people found a reason to embrace for their personal use. And it’s sold millions for Apple.
Chet Wisniewski of security provider Sophos posted Saturday about a new worm that affects the iPhone. An Internet service provider in the Netherlands identified the malware. The worm executes itself when you turn on your device, and it also takes data from the iPhone or iPod and sends it to a server in Lithuania. It only affects those iPod Touches and iPhones that have been jailbroken, or unlocked to allow non-Apple-approved software on them. Attacks have been detected on ISPs around the world, including T-Mobile in many countries, UPC in the Netherlands and Optus in Australia.
The malware assigns each iPod or iPhone a unique number so the hackers who wrote the software can control it as they would with a zombie computer. It also looks for SMS-based authentication systems, the type used by financial institutions for mobile banking purposes. From what Wisniewski said, the worm operates faster on a WiFi network than it does on the 3G network; if your device is infected, you’re likely to see the battery run down more quickly than usual, due to its high network traffic.
If you’ve got a jailbroken iPhone or iPod Touch and suspect that something’s awry, Wisniewski said the best solution at this time would be to revert to an earlier Apple firmware, which will un-jailbreak the device but will also prevent the worm from running.
Will mobile malware become a normal happenstance? Will other operating systems, such as Google’s Android, have to fend off similar problems? Time will tell. In the meantime, take a look at these articles for more on these and other related topics:
How Hackers Work
How Cell-phone Viruses Work
How Zombie Computers Work
-
I wonder if Apple had anything to do with making this software, so that people would have to un-jailbreak iPhones and go back to Apple’s supported software only.
-
Makes sense… but they could get into a lot of trouble for that… how I love conspiracy theories.
-
But why would Apple do that? If people stop trusting their iPods and iPhones with the news generated by this, they will stop buying Apple products. The logic of switching to droid when an iPhone bug that can take your info is in the news is the same logic that causes you to stop eating tomatoes when an E. coli outbreak is occurring.
I have a feeling, however, that these viruses will become more prevalent. People don’t suspect their phone to be bugged, and thus they keep their info on it. This makes it a lucrative business for hackers. Also, due to Apple’s monopoly of software, people have a sense of security. And greed causes them to jailbreak…
Just wait until hackers break a non-jailbroken system. That’s when hell breaks loose.
-
I feel very soon it will become irrelevant
-
We’re missing a little bit of information, I think. How is the malware getting onto the phone in the first place? The hacking group (Dev Team) that develops the jailbreak tool for the iPhone does not install malware on iPhone devices. They’re a reputable group of folks that merely believe in keeping the iPhone OS open so that it can be modified as we wish without having to conform to Apple’s “walled garden”. Is this malware getting installed through a specific 3rd party application or is this some kind of security exploit that injects itself into the phone’s OS right over the Internet?
-
Ok, after some further investigation it would appear that the virus is taking advantage of the fact that all iPhones are set up out of the box by Apple with the same exact default password for “root” access. This is the equivalent to the Administrator account on a Windows system that has full access to everything. Imagine all Windows computers shipping with “alpine” as the default password and it never asking you to change it. Since the jailbreak tool sets up the iPhone as an SSH server so that it can receive SSH login requests, the virus scans ranges of IP addresses on the Internet attempting SSH logins on any phone that will allow it. Once it logs in successfully, it installs the rest of the virus payload and even changes the root account password. Ehl-Oh-Ehl
For those of us that jailbreak our iPhones, it’s actually really nice to be able to SSH into the phone remotely, but leaving the root password at the default is a gargantuan security hole just waiting to be exploited. If you simply change this password, the virus is harmless. Fun times!
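The login pattern described in the comment above, as an added detection example that is not part of the original post or its comments: a password that is still the default is accepted on the first attempt, so alerts that count failed logins never fire. The sketch assumes sshd messages in the standard OpenSSH syslog format are being collected; the log lines, hostname and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format (not from a real device).
SAMPLE_LOG = """\
Nov 21 09:14:02 iPhone sshd[211]: Accepted password for mobile from 192.168.1.20 port 50112 ssh2
Nov 21 09:58:40 iPhone sshd[305]: Failed password for root from 198.51.100.9 port 40022 ssh2
Nov 21 09:58:43 iPhone sshd[305]: Failed password for root from 198.51.100.9 port 40022 ssh2
Nov 21 10:02:11 iPhone sshd[312]: Accepted password for root from 203.0.113.7 port 51234 ssh2
Nov 21 10:05:30 iPhone sshd[330]: Accepted publickey for root from 192.168.1.20 port 50190 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def root_password_logins(log_text):
    """Return one finding per password-authenticated root login.

    Each finding records how many failed root password attempts the same
    source made beforehand. Zero means the password was right on the first
    try, which is what a still-default password looks like.
    """
    failures = defaultdict(int)
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        # Only root + password auth matters here; key-based logins are ignored.
        if not m or m["user"] != "root" or m["method"] != "password":
            continue
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
        else:
            findings.append({
                "ip": m["ip"],
                "prior_failures": failures[m["ip"]],
                "first_try": failures[m["ip"]] == 0,
            })
    return findings

if __name__ == "__main__":
    for finding in root_password_logins(SAMPLE_LOG):
        print(finding)
```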
-
I forgot to hit send and my last reply sat in the browser for the past half hour, so it’s out of sync.
This is such a no-brainer vulnerability and I’m very surprised it hadn’t been exploited before. We’ve been SSH’ing into our iPhones with the “alpine” password for almost 2 years now. It’s kind of disappointing actually. I was expecting something a little more… awesome, like taking advantage of some low level weakness in the iPhone OS security subsystem. Instead, we basically get a kiddie script that’s guessing your password and then downloading itself to your phone.
-
Ha!! I have a Zune, so I don’t have to worry. The stupid iPod Fans deserve it.