The first iPhone virus – in the wild

Post by David Heath » Mon Nov 09, 2009 12:09 pm

If you have jailbroken your iPhone, enabled SSH and neglected to change the default password, expect to get infected very soon!

The virus, called Ikee, does a fabulous job of rickrolling iPhone users.  Anyone infected will have their background picture changed to a picture of 1980s pop sensation Rick Astley with a message "ikee is never going to give you up."

Ikee seeks out iPhones with SSH enabled but still using the default password (hint: it's alpine).  On non-jailbroken phones, SSH is disabled by default and so such users are unlikely to be affected; this is more likely to infect jailbroken iPhones which have had SSH enabled to permit easy access from other computers.

Sophos' Graham Cluley, writing in his blog, says "The worm will not affect users who have not jailbroken their iPhones or who have not installed SSH."  He goes on to say that "SophosLabs is analysing the worm's code, which suggests that at least four variants have been written so far. One of the attributes of the latest variant (labelled the "D" version) is that it tries to hide its presence by using a filepath suggestive of the Cydia application.

"The source code is littered with comments from the author suggesting the worm has been written as an experiment. One of the comments berates affected users for not following instructions when installing SSH, because if they had changed the default password the worm would not have been able to infect them."

It appears that the worm does nothing more than change the background and go looking for other iPhones to infect; but that doesn't make it innocuous.  Such access is well-defined as illegal under Australian law; additionally, the virus is a perfect test-bed for other, more malicious, people to add their own payload.

Amusingly, Cluley's blog seems to expose the identity of the virus writer as a young man from Wollongong.  Readers can look at the blog for details – they won't be written here.

"If you have a jailbroken iPhone, change your SSH passwords now," urges Paul Ducklin, Sophos's Head of Technology, Asia Pacific. "If you don't have a jailbroken iPhone, you probably also ought to change those passwords, since it makes no sense to have poor passwords pre-configured for any operating system service, whether it runs by default or not.

Ironically, it seems that Apple don't want you to do that -- just the sort of operational restriction which led to jailbreaking in the first place."

(The author does not own an iPhone.  Perhaps a reader might like to add instructions on changing the SSH password as a comment to this article)



Article Link at http://www.itwire.com/content/view/29168/53/
David Heath
 
Posts: 224
Joined: Tue May 27, 2008 10:39 am

Re: The first iPhone virus – in the wild

Post by Bennysaurus » Mon Nov 09, 2009 1:01 pm

(These steps are for a jailbroken 3GS - Not sure if there are any differences for the other styles of phones)
Step 1: Activate your WiFi connection on your phone.
Step 2: Find your IP:
- Go to Settings, Wi-Fi, select the little circle next to the network you are connected to. Note down your IP.
Step 3: SSH into the phone:
- Hop on a computer connected to the same network and download Putty - http://www.chiark.greenend.org.uk/~sgta ... nload.html - (the easiest and free option to connect to anything via SSH)
- Connect to the IP address you found in step 2.
- Username is root
- Password is alpine
Step 4: Change the password!
- type sudo passwd root and press enter.
- It will ask you for a new password, type it in, press enter and confirm it by typing it again.
- Done! Type exit and enter - it should quit automatically.

Any other issues, Google is your friend. :-)
Bennysaurus
 
Posts: 1
Joined: Mon Nov 09, 2009 12:51 pm

Re: The first iPhone virus – in the wild

Post by Liperty » Tue Nov 10, 2009 8:19 am

[These steps are for a jailbroken iPhone]
(sourced from - http://www.the-iblog.com - biggup to them)

BossPrefs is a Cydia app that lets you do lots of handy things, including turning off your SSH - but it's better to turn SSH off when you aren't using it AND change the password to something unique to your phone (like wearing a belt AND suspenders.. ok maybe not). I only have SSH on when I'm FTPing to the phone - which is fairly rare these days. The other way to secure your SSH is to change your password using the 'MobileTerminal' application - which allows Linux-type commands..

Install MobileTerminal from Cydia (or other?) and type

'passwd'

Now you’ll be asked for your old password which should be ‘alpine’
Then you enter your new password and then confirm by entering it again. This should make it a bit harder for SSH viruses to find their way to your precious iPhone.

Cheers all, -=Lip=-

... wouldn't it be nice if we could use our iPhones however we liked without having to battle Apple every step of the way.. don't even get me started on iTunes...
Liperty
 
Posts: 1
Joined: Tue Nov 10, 2009 8:08 am
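
Added example, not part of the original posts: a check that the password change described in the replies above took effect. It reads a passwd-style file (for example a copy of the phone's /etc/master.passwd, an assumed path) and reports every account that still accepts the article's default password; the function names and the sample accounts are constructed for illustration.

```ruby
# Added example: audit a master.passwd-style file for logins that still
# accept the default password named in the article.
DEFAULT_PASSWORD = "alpine"

# Classify one password-hash field against a candidate password.
def classify(hash, candidate = DEFAULT_PASSWORD)
  return :empty  if hash.empty?                 # no password needed at all
  return :locked if hash.start_with?("*", "!")  # password login disabled
  # crypt(3) re-hashes the candidate using the salt stored in the hash;
  # an identical result means the account still uses the candidate.
  candidate.crypt(hash) == hash ? :default : :changed
rescue ArgumentError, SystemCallError
  :unknown                                      # scheme not supported here
end

# Parse passwd(5)/master.passwd(5) text; one result per account line.
def audit(text)
  text.each_line.filter_map do |line|
    line = line.strip
    next if line.empty? || line.start_with?("#")
    fields = line.split(":", -1)
    next if fields.size < 7
    { user: fields[0], shell: fields[-1], status: classify(fields[1]) }
  end
end

# Constructed sample (not from a real device): one account still on the
# default password, one changed, one locked. Salts are arbitrary.
def sample_master_passwd
  <<~EOS
    nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
    root:#{DEFAULT_PASSWORD.crypt("ab")}:0:0::0:0:System Administrator:/var/root:/bin/sh
    mobile:#{"a-long-unique-phrase".crypt("cd")}:501:501::0:0:Mobile User:/var/mobile:/bin/sh
  EOS
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : sample_master_passwd
  audit(text).each do |r|
    puts format("%-8s %-8s %s", r[:user], r[:status], r[:shell])
  end
end
```

Pass the file path as the only argument; with no argument the script audits the constructed sample. Any line reported as `default` or `empty` is a login that still needs a new password.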

