Numerous reports have surfaced over the weekend regarding the first iPhone worm spotted in the wild. The worm, known as iKee, only affects modified handsets also known as "jailbroken" devices. These devices have been hacked by their owners to allow for the installation of unapproved, third-party programs that aren't allowed in the iTunes App Store.
Currently, the worm doesn't appear to be all that malicious - it simply changes the phone's background image to a photo of singer Rick Astley, the man whose song "Never Gonna Give You Up" has become a well-known internet meme called "rickrolling," a joke where users are tricked into clicking links that redirect them to Astley's YouTube video.
Despite the relatively innocuous nature of this particular attack, it may be the precursor to future attacks of a more malicious nature. But how dangerous will these attacks be to the iPhone-owning population as a whole? Is there really a need for concern?
According to the hacker, 21-year-old Ashley Towns, a student living in New South Wales, Australia, iKee was created to highlight the iPhone's poor security. Apparently unrepentant about his creation, Towns has made no attempt to hide his identity, posting on internet forums and on his Twitter page about his hack. He even cheekily tweeted a response to a post on security firm Sophos' blog where the writer had sought out the hacker's identity via Google searches: "You know man if you wanted my number you could have asked." And he wasn't kidding - Towns has been happily responding to media requests via his Twitter account. For example, he told ABC News that he had personally infected 100 iPhones with the worm. From those phones, he explained, the worm will then try to spread to other devices.
Perhaps the reason for his transparency has to do with the relatively harmless nature of the attack. The worm just changes the iPhone wallpaper on the affected devices. However, as the Sophos post points out, "accessing someone else's computing device and changing their data without permission is an offence in many countries."
While that may be true, it's clear that Towns feels as if he's almost doing a public service by exposing a security vulnerability that many jailbroken iPhones face.
While this particular worm appears to be localized to Australia, it could have spread to other countries and eventually, worldwide. It also comes directly on the heels of another similar attack on jailbroken devices. Only last week, a Dutch hacker broke into jailbroken iPhones and then displayed a message on the compromised devices demanding a ransom of 5 Euros. This attack was also made possible through the same vulnerability that the iKee worm uses.
Graham Cluley of Sophos predicts that other hackers will be tempted to write their own code now that they've seen what's possible. In addition, some hackers may be more malicious with their creations than what we've seen so far.
However, even if the attacks escalate, the potential victims are a minor subset of Apple iPhone users. To begin with, they are relatively tech-savvy, having managed to jailbreak their phones - a process which involves using downloadable software tools that unlock Apple's control mechanisms on the device. While the process is not overly complex, most mainstream iPhone users won't bother to take this action, content with the iTunes App Store and its 100,000 or so available applications.
And then there is the fact that the attacks don't even affect all jailbroken iPhone owners - they only affect those who have also installed a program called SSH on their devices. The program allows users to access the iPhone's filesystem with the username of "root" and password of "alpine." Since few SSH users had bothered to change this root password, that left their phones open to attack.
Still, how many people are we talking about here? And what sort of iPhone user are they? Although exact numbers of jailbreakers are unknown, mobile analytics firm Pinch Media recently revealed data showing there are at least 4 million of these jailbroken devices in the iPhone ecosystem. It's not known how many of these users have also installed SSH.
For the most part, it's likely that those who have done so are knowledgeable enough to prevent future attacks on their devices even if they had become a victim of one of these recent hacks. At the very least, they're now aware of the issue and can follow the straightforward instructions available on the web that explain how to change the root password so it's no longer the default.
Despite all the media hoopla over this "first iPhone worm," it's not something that most iPhone owners will have to worry about. What's more concerning are the claims that a supposedly legitimate iPhone development firm has been collecting personally identifiable information from the users of its App Store-approved iPhone games which have been installed over 20 million times. According to a suit filed in the U.S. District Court in Northern California, the firm, Storm8, has been using a backdoor method which allowed them to collect the phone numbers of anyone who had installed their applications. This wouldn't be the first time that an iPhone developer has done this, either. Apple actually provides an easy way for developers to tap into this information, if they so desire.
If anything, this is the real threat that the media should be focused on, not the iPhone worm.
Comments
I wish the feds would reallocate just a fraction of the money they spend on fighting terrorism to finding and stomping a mud hole in developers that send this type of trash out.
Never gonna give you up...Never gonna let you down...
Should we expect more? iPhone should do something about it right? Hmm..
"..other hackers will be tempted to write their own code now that they've seen what's possible"
The iKee worm was able to access the phone address book, SMS messages and email. Considering how much personally identifiable information people store on their mobiles, we should be concerned if this indeed leads to further malware with more malicious intent.
This isn't even interesting. It only affects you if you intentionally turned off the security measures in your iPhone by jailbreaking. The whole point of jailbreaking is that you want to turn off those protections and brave the wild wooly Internet and trust to the goodwill of the techno-terrorists in the Russian Mafia and Chinese underground, just so that you can run crappy home-made apps in the background and host an SSH+AFP+HTTP server on your phone or something.
Just restore to factory settings, Jailbreakers, and your troubles are over. Then maybe buy some of those apps you pirated too, losers.
@Peter: What sort of rubbish logic are you using? This is Apple's fault because they did not provide a mechanism for you to install your own software?
The problem with your suggestion is that Apple WILL be blamed whether or not users install Apple reviewed apps or not. The iPhone will be labeled as insecure and pissed off users will refuse to take personal accountability for downloading and installing random apps and WILL blame Apple. Just like Microsoft gets blamed for Windows' lack of security every time someone falls for a web site phishing scam.
People blaming Apple are missing the point. The end USER hacked his/her OS and left a BACK DOOR to be exploited. THIS IS USER ERROR not a platform failure.
Posted by: islandinthenet.com | November 9, 2009 9:18 AM
I recently wrote a blog post about this type of behavior and my expectation of this trend increasing its occurrences.
The solution that I see is that Apple should drop the walled garden approach, open the App Store and concentrate the approval process on determining the security / maliciousness of the app submitted. In essence, to become a 'trusted' retailer of apps. This will do a lot to foster good will, still keep App Store revenue flowing in and keep the bad apps out.
Now, this has little to do with the current exploits created by users hacking the devices, but lots to do with the apps that are currently in-store, that steal users' data.
How worried should we be that people who jailbreak their iPhone cannot read the f'ing manual and change a default password? Let me draw a parallel for you:
Q: How worried should you be that the guy who mods out his car's engine ECU (computer) past factory spec has an engine explosion and blows him/her-self up?
Hint: WHO CARES? they did it to themselves, the car is safe from the factory until you screw with it, and can't even read the manual for the specification limits.
Make sense?
"For example, he told ABC News that he had personally infected 100 iPhones with the worm. From those phones, he explained, the worm will then try to spread to other devices."
If this was someone who had written one of the viruses on the PC wouldn't he have been thrown in jail by now?
Your headline should read: "Only *JAILBROKEN* phones get virus".
If you don't illegally jailbreak your phone... you will NEVER get this virus.
Why do so many of the articles here have VERY misleading headlines... and then buried deeply in the text... you'll see that only jailbroken phones are affected?
This is a non-story. This hack does not work over the cell network, and it is not "infecting" other iPhones through the address book or any other method.
This is a Wi-Fi hack, meaning the person doing it must be on the same Wi-Fi network, and you must have jailbroken the iPhone, installed SSH, and then been dumb enough to not change the default root and user passwords.
As usual, cnet can't bother to do the simplest research or fact checking before posting a story.
This article is, indeed, very interesting, not because it talks about an iPhone being "wormed" by a 21-year-old Aussie but because of the real "worm" that is in EVERY iPhone: the AppStore. But the comments are way more funny.
It seems like people with a non-jailbroken iPhone are almost "happy" that this happens to nasty jailbreakers but it also seems that they do not even understand that the real "hack" are the apps installed on each iPhone, that can use and abuse of your private data without prior consent or notification.
I totally agree with Bastien, they should open up their minds a bit by simplifying the developing platform & distribution process and by making both the SDK and the AppStore accessible to all developers, ideally for free.
I do not understand how Microsoft can get sued by antitrust for IE while there is no (and perhaps will never be) other browser than this piece of shit Safari, you got no choice, everything is locked up, limited, restricted, all of this so that you can pay more, pay again, waste your time and your money, all that in the name of what? Economy and profit, right? This is a total non-sense.
Now finally, for these who love parallels, let me try this one:
Q: Do you expect your phone to be able to send MMS when it has a (3 generations late) camera built-in?
A (Apple): No, that is not currently available
A (Reality): Available through Jailbreak
Q: Do you know of a phone that I cannot put ANY SIM (gsm) chip on it, regardless of where I bought it or what country I move to?
A: Yeah, only iPhone offers you such a useful feature that you are stuck with the damn operator you picked, why would you change.
Q: Is the iPhone OS based on another OS and if so, is that same OS based on anything else ?
A: iPhone OS is "based" on OSX, which is based on a so called thing called Darwin (supposedly open source) that is based on a variant of Linux (NeXTSTEP & FreeBSD). (Note: I admit, they've done a good job at it, but still, it was open source)
Q: Can I get any of the applications I see in the TV ads?
A: Of course, if you have a credit card, an apple user account, and a software called iTunes.
Q: Can I upload music from and to my iPhone at my will?
A: Of course, but you need iTunes, to convert your MP3 to an Apple format, that only iPhone can read, and to place them on device...
Q: Who the frack is "offending" who? Who is forcing your choices, who is telling you lies? Who is pretending to sell the best phone on earth (which I really think it is) but then pitifully makes everything possible so you can't enjoy these cool features unless you pay more and more and more?
A: Starts with an A, ends with an E, and has two pee on the middle.
Think about that folks, jailbreaking should not be a crime, but Apple's policy to deliberately limit and restrict that wonderful device should be considered criminal.
Keep your mind open rather than your wallet...
Here is a very good article on how to protect your iPhone and with some information about the new worm: http://www.citrusblog.net/?p=178