For the past few months, jailbroken iPhones have been under attack by worms. It all started when a Dutch hacker tried to access jailbroken iPhones through SSH in the Netherlands. He succeeded in sending completely unsuspecting users a message that read, “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files”. He charged 5 euros to get things back to normal.

The next attack came to light when some jailbroken iPhone users found their home screen background changed to a picture of Rick Astley (a 1980s pop star) with the words “ikee is never going to give you up”. This was the ikee virus, which infects iPhones via SSH. It started spreading from Australia, where the hacker Ashley Towns wrote it and named it ikee, and it is now quickly spreading to other parts of the world.

It automatically searches for other iPhones on the cellular network that use the root:alpine username/password combination. Once it finds another vulnerable iPhone, it installs itself and begins the process again, and this goes on like a nuclear chain reaction. The ikee virus disables SSH access on your iPhone and changes the background image to that of Rick Astley. So the recommended action was to change the default SSH password. Hope you have done so. Its creator, Ashley Towns, said he wrote the ikee program in order to raise the issue of iPhone security.
All these attacks had one thing in common: they targeted jailbroken iPhone users who were still using the default root:alpine username/password combination. These two attacks were not intended to harm users. But iPhone/Privacy.A, which also targeted jailbroken iPhones with the default SSH user/password, gave a hacker complete access to the victim’s iPhone. The hacker can access and copy any user data from the jailbroken device, including emails, contacts, calendars, photos, SMSs, videos, in fact any data the hacker wants.

The security firm Intego explains the iPhone/Privacy.A virus in more detail:
“Hackers using this tool will install it on a computer – Mac, PC, Unix or Linux – then let it work. It scans the network accessible to it, and when it finds a jailbroken iPhone, breaks into it, then steals data and records it.
This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network. Or, a hacker could sit in an Internet café and let his computer scan all iPhones that come within the range of the wifi network in search of data. Hackers could even install this tool on their own iPhones, and use it to scan for jailbroken phones as they go about their daily business.”
Security.nl is reporting that this virus is now spreading from Australia and infecting iPhones in the Netherlands, Hungary, Portugal, Brazil and other countries, affecting thousands. This is getting more serious and dangerous now, as it has turned into a mobile botnet. A botnet is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet.
BBC.CO.UK reports that a second worm to hit the iPhone, Ikee.B or the Duh virus, has been unearthed by security company F-Secure. It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING. It redirects the bank’s customers to a lookalike site with a log-in screen. The new worm is more serious than the first because it can behave like a botnet, warns F-Secure. This enables the phone to be accessed or controlled remotely without the permission of its owner.
“It’s the second iPhone worm ever and the first that’s clearly malicious – there’s a clear financial motive behind it,” F-Secure research director Mikko Hypponen told the BBC. “It’s fairly isolated and specific to Netherlands but it is capable of spreading.”
The Ikee.B or Duh virus is far more dangerous than the iPhone/Privacy.A virus, and it seems it is spreading rapidly, infecting thousands of jailbroken iPhone users in Australia, the Netherlands, Hungary, Portugal, Brazil and other countries.
It is highly recommended that you change your iPhone’s default SSH mobile and root password if you haven’t done so. To be more secure, change your iPhone root password for SSH from “alpine” to something else.
In case you have been infected, here are some tips on how to remove these viruses. Getting rid of the ikee virus is the least painful of the three.
Start by downloading the MobileTerminal app from Cydia and installing it on your iPhone if you don’t already have it. Restart.
Open up the MobileTerminal app and log in under your root account (if you haven’t changed the password yet, the login is “root” and the password is “alpine”).
Use the following commands to delete these files. These commands are case-sensitive, so be careful.
rm /bin/poc-bbot
rm /bin/sshpass
rm /var/log/youcanbeclosertogod.jpg
rm /var/mobile/LockBackground.jpg
rm /System/Library/LaunchDaemons/com.ikey.bbot.plist
rm /var/lock/bbot.lock
If that doesn’t do it, an alternate version of the ikee worm requires you to remove these files instead.
rm /usr/libexec/cydia/startup
rm /usr/libexec/cydia/startup.so
rm /usr/libexec/cydia/startup-helper
rm /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
If you removed the above four files, you’ll have to reinstall Cydia.
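A read-only check built from the file lists in the removal steps, added here as an example and not part of the original post: it reports which of those files exist before you delete anything. The function names and the optional root-directory argument (for checking a copied filesystem instead of the live phone) are assumptions of this example.

```sh
#!/bin/sh
# Added example: read-only check for the ikee files named in the article.
# Nothing is deleted; paths are copied from the removal steps above.

IKEE_FILES="/bin/poc-bbot
/bin/sshpass
/var/log/youcanbeclosertogod.jpg
/var/mobile/LockBackground.jpg
/System/Library/LaunchDaemons/com.ikey.bbot.plist
/var/lock/bbot.lock"

# Alternate-variant paths. The article says removing them forces a Cydia
# reinstall, so they are reported separately, not counted as proof.
IKEE_ALT_FILES="/usr/libexec/cydia/startup
/usr/libexec/cydia/startup.so
/usr/libexec/cydia/startup-helper
/System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist"

# ikee_list_present ROOT LIST: print every path in LIST found under ROOT.
# ROOT is "" on the phone itself, or a directory holding a copied
# filesystem (assumption of this example).
ikee_list_present() {
    printf '%s\n' "$2" | while IFS= read -r p; do
        # -L also catches dangling symlinks, which -e would miss.
        if [ -e "$1$p" ] || [ -L "$1$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# ikee_report ROOT: print findings; exit status 0 = primary list clean.
ikee_report() {
    found=$(ikee_list_present "$1" "$IKEE_FILES")
    alt=$(ikee_list_present "$1" "$IKEE_ALT_FILES")
    if [ -n "$found" ]; then
        printf 'ikee files present:\n%s\n' "$found"
    else
        printf 'none of the primary ikee files are present\n'
    fi
    if [ -n "$alt" ]; then
        printf 'alternate-variant paths present (check before removing):\n%s\n' "$alt"
    fi
    [ -z "$found" ]
}

ikee_report "${1:-}" || true
```

Run it with no argument in MobileTerminal to check the phone itself, or pass a directory that holds a copy of the phone's filesystem.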
Users worried about iPhone/Privacy.A will need to rely on their antivirus software to catch it on their computers (Intego’s VirusBarrier X5 will catch it for the Mac), but it’s unclear if any of the big security software companies, including F-Secure, have addressed it yet.
For users infected with the Ikee.B or Duh worm, there’s no fix at present short of backing up your data and restoring your firmware to factory conditions.

Here is also a very good and simple way (for everyone) to protect your iPhone:
http://www.citrusblog.net/?p=183