What lessons can be learned from the iPhone worms?
Nov 24, 2009, 19:32 (0 Talkback[s])
(Other stories by Nathan Willis)
"Ikee was created on November 4 by Ashley Towns, a programmer
from Wollongong, Australia. The worm propagates by scanning IP
ranges in the blocks used by the iPhone's Australian carrier,
checking for iPhone OS fingerprints, and looking for a running SSH
daemon on any iPhones it finds. Because all iPhones ship from the
factory with the same default root password, "alpine", the worm can
connect, copy itself over to the new device, install its signature
wallpaper, and repeat. Ikee also deactivates SSHd on the host phone
as part of its payload, but it does not change the root password.
Thus, restarting SSH makes the phone vulnerable to reinfection.
"It attracted considerably less public attention than Ikee, but
on November 2, a worm surfaced in the Netherlands using the exact
same attack vector: IP range scanning of the approved 3G carrier,
OS fingerprinting, and connecting via SSH using the default
password. The Dutch worm lacked the campy sensibility of Ikee;
rather than Rickrolling the iPhone's wallpaper, it popped-up a
message telling the user that the iPhone was insecure and asking
€4.95 for instructions on how to secure it. That same day,
however, the author changed his mind and posted both an apology and
free instructions for securing the phone on the web site to which
the worm pointed its victims."