iPhone worm: good news or bad news?

Well, Apple is everywhere in the news these days … I really enjoyed the news of the first iPhone worm being unleashed in Australia. The question I ask today is: how bad is that news?

It sure sounds bad at first. worms are not the kind of beasts that we want to see on our mobile devices. And a worm that gets on your phone on shared WiFi connections could lead to a lot of paranoia in California’s Starbucks.

Now wait, this worm only attacks jailbroken iPhones. As such, it is at least good news for Apple, as it makes people realize that jailbreaking your iPhone may have consequences, not all good. By extension, it is good news for all the actors that rely on Apple’s closed platforms and on other similar platforms.

Now, this is not the last bit of it. Even for Apple, the news aren’t all good. The worm doesn’t affect all all jailbroken iPhones, but according to Wired,

jailbroken iPhones whose owners have installed SSH and neglected to change the default root password, “alpine.”

If this is right, it sounds quite scary. Does it really mean that iPhones are Unix-based machines that all have the same root password, that the user can’t change (unless they jailbreak their phone)? For me, that entails that if a hacker is able to somehow very very partly jailbreak an iPhone using a worm or other malware, they won’t encounter much resistance from root passwords.

This is really bad news, and could be by itself a good reason to jailbreak an iPhone. And of course, it makes me wonder about the protection of my own (Linux-based) Android phone.

3 Comments

  • The SSH is only installed in order to access some hidden capabilities of a jailbroken iPhone i.e. it is not installed by default. And it possible to disable the SSH server afterward or to change the password. It’s just that most people don’t. The security of the iPhone is not so bad.

  • I have recently blogged on a few simple steps to secure a jailbroken iPhone. Of course, one should change the password, but it’s also a good idea to disable root login via SSH and to enable syslog.

    Enjoy :)

  • OK, so the news are basically good for Apple. The danger comes from jailbreaking. .Now, of course, some security girls are nice enough to write security guidelines for jailbroken phones.

Leave a Reply

Your email is never shared.Required fields are marked *