Worm for Jailbroken iPhones with Default Root Passwords

The web went aflame today with headlines like “First iPhone worm discovered”, and many other variants. Most of those headlines, however, left out a very important little fact which diminishes the impact of the news considerably: it only affects jailbroken iPhones with SSH installed, and with default root passwords.

That’s quite a set of conditions you got there. Not only do you need to jailbreak your iPhone, but you also need to install SSH, and to top it all off, leave the root password as-is. I don’t know about you, but if you’re that lax about security, then it’s hard to feel sorry for you.

The worm in question was spotted in Australia, and was mostly benevolent, as it served more as a warning to insecure jailbroken iPhones than anything else. It changed the wallpaper on your iPhone to a picture of Rick Astley, with the text “rikee is never going to give you up”.



Once infected, your iPhone will look for other jailbroken iPhones with SSH installed and the default root password, after which it will proceed to infect those phones too. It’s a classic worm, but completely harmless. In fact, I’d argue it’s a positive thing, as it will nudge owners of jailbroken iPhones to properly secure their devices.

This same SSH/default password “exploit” has been used before; I know of at least two occasions where it was used in The Netherlands. Last week, for instance, a cracker scanned the IP range of T-Mobile in The Netherlands, and disabled some dozens of jailbroken iPhones. Initially, he demanded money for fixing them, but later on he posted a fix for free on the ‘net.

What you’ll see happening now is two things. First, people will claim this is a flaw in the iPhone and that Apple needs to do something about it. Nonsense of course, as this is not Apple’s fault. Two, you’ll see Apple fans claiming that jailbreaking is inherently dangerous, and that Apple is right in demanding that it remains illegal. This is also nonsense, as it’s not jailbreaking that’s dangerous – leaving your device with the default root password is. This is true of any computer.

All in all, this is pretty much a storm in a teacup. Own an iPhone? Nothing to worry about. Own a jailbroken iPhone? Just be sure to change the root password. That’s all.

20 Comments

  1. 2009-11-10 12:04 am
  2. 2009-11-10 12:12 am
    • 2009-11-10 12:36 am
  3. 2009-11-10 1:13 am
    • 2009-11-10 1:33 am
      • 2009-11-10 2:55 pm
        • 2009-11-10 11:55 pm
          • 2009-11-11 3:17 pm
          • 2009-11-11 7:33 pm
          • 2009-11-11 11:49 pm
          • 2009-11-12 7:34 pm
          • 2009-11-12 8:44 pm
          • 2009-11-12 10:52 pm
          • 2009-11-12 6:02 am
        • 2009-11-12 6:14 am
  4. 2009-11-10 6:34 am
  5. 2009-11-10 8:34 am
  6. 2009-11-10 10:05 am
    • 2009-11-11 2:23 am
  7. 2009-11-12 6:00 am