
New iPhone Worm Crumbles Continents, Topples Governments

Unfortunately there's an easy solution. Unfortunately.

PARIS (Rixstep) -- This is simply too good to be true. Your eternal protectors Intego have 'discovered' a new strain of the 'Rickroll' iPhone worm in the wild. They're 'identifying' it as iPhone/Privacy.A. Of course they are.

Which is actually counterproductive and disrespectful as Rixstep researchers holed up in the Galactic Antivirus Bunker™ have already decided to 'detect' the worm as iPhoneOS.Rollrick.D. There has to be some semblance of order in the antivirus community if we're to be able to keep the enemy at bay.

Tsk tsk. But never will an antivirus company pass by a chance to scare people into buying products they don't need. What's amazing is that all the information - including the larger-than-life clues that you don't need their wares - is right there on the same web page that tries to sell them to you.

They even provide a helpful diagram for you so you can see how this evil thing spreads - to your computer.

But there's more - too bad for Intego.

1. 'When connecting to a jailbroken iPhone, this tool allows a hacker to copy a treasure trove of user data.'
('Treasure trove'?)

2. 'Hackers using this tool will install it on a computer - Mac, PC, Unix or Linux - then let it work.'
(Mac, PC, Unix or Linux?)

3. 'This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network.'
(Or give an iPhone to King Kong who can wave it at planes from the top of the Empire State Building.)

4. 'Or, a hacker could sit in an Internet café and let his computer scan all iPhones that come within the range of the wifi network in search of data. Hackers could even install this tool on their own iPhones, and use it to scan for jailbroken phones as they go about their daily business.'
(This, would be like, the first wireless hack, ever. Wow.)

The Intego Disclaimer

They're effectively saying they can do nothing at all for your iPhones - but if you have hacked computers in your corporation they might be able to find them. If in fact this iPhone worm somehow spreads to ordinary computers.

So why buy Intego products if they can't protect you anyway? Well here's the punch line: the only iPhones affected are those that are 1) jailbroken; and 2) still have the utterly moronic default passwords 'alpine' and 'dottie' which about every primate on the planet knows about by now.

So even if you've jailbroken your shiny iPhone you're not going to get in trouble if you 1) don't have SSH on; or 2) at least change your passwords to something a bit more difficult to crack than the defaults which are published all over the web.

This is simply too good to be true. If this were a gorgeous layer cake with sugary frosting then no one would be able to resist. There are so many great layers to this incomparable sloppy stupid mess.

  1. Apple initially release the iPhone with no security and with the passwords eminently accessible.
  2. Apple begin applying security only after the fact, by using a kernel update that demands root certificates.
  3. Take away that first and only line of defence and the security of the iPhone is again as crappy as Windows 7.
  4. The drooling troglodyte demographic want to break free of Apple (who doesn't) and so jailbreak their iPhones.

But they leave their passwords in place. It's really easy to change them but remember the demographic they represent.

And now you've got good old Intego jumping in for the joyride. That's the icing on the cake. Get out the sparklers and put on the paper hats. It's party time.

Copyright © Rixstep. All rights reserved.