Monday, November 23, 2009

Keeping the Worms Out of Your Apple.... iPhone!


Recently I have noticed a bunch of articles being written about worms infecting jail broken iPhone. These worms vary in maliciousness from basically Rick Rolling you, to trying to steal your banking information, but they all exploit the same thing. These worms assume that the owner of the jail broken iPhone did not change the SSH password that allows directory level control of the iPhone systems. If you are unaware of what SSH is basically it’s a way to connect to something running Linux, which is what the iPhone OS is based on. Once connected the user can pretty much do whatever they want so long as they have the proper permissions. The problem is that all iPhone have the same password for the ‘root’ user, however only jail broken iPhone give the owner the ability to utilize that SSH. In a world with no jail breaking this would not be an issue since no one could get access to the iPhone through SSH, however in reality we have users that want to both have a jail broken iPhone and the functionality that comes with having the ability to SSH into your device.
The one thing to keep in mind is that when you gain the ability to SSH into the iPhone, you also need to take on the responsibility to protect your device. This means you need to change the friggen SSH password from ‘alpine’ which is what it is for ALL iPhones to something else. You can Google exactly how to do this but suffice to say it is really easy (I googled it for you) and if you can successfully SSH into the phone you can have the password changed in seconds. Now you have an iPhone that is as secure as any Linux computer out there and these worms will not bother you.

No comments:

Post a Comment