
iPhone users should change the default password to avoid attack

Sophos : 24 November, 2009  (Technical Article)
A new virus for the iPhone represents a more serious threat, one which is easily avoided by changing the default password on the device.
IT security and data protection firm, Sophos, is warning that a new virus attacking the users of jailbroken iPhones is the most serious to date, since it turns infected iPhones into zombies, joining them to a botnet.

Two weeks ago the first ever iPhone virus appeared, changing the wallpaper on infected phones to an image of 1980s pop star Rick Astley. However, aside from gobbling up bandwidth and Rickrolling iPhones, it had no additional criminal intentions.

Sophos reports that over the weekend, a new iPhone worm (informally called 'Duh' or 'Ikee.B' by security researchers) was reported spreading in the wild in The Netherlands, designed to connect to a server in Lithuania and to follow orders from remote hackers. The 'Duh' worm hunts for vulnerable iPhones across a wider set of IP ranges than Ikee, which was only ever reported in Australia. 'Duh' includes IP ranges in several countries, including The Netherlands, Portugal, Australia, Austria, and Hungary.

'This latest iPhone malware is doubly criminal. Not only does it break into your iPhone without permission, but it also cedes control of your phone to a Botnet command server in Lithuania,' said Graham Cluley, senior technology consultant at Sophos. 'That means your iPhone has just been turned into a zombie, ready to download and to perform any commands the cybercriminals might want in the future. If infected, you have to consider all of the data that passes through your iPhone compromised.'

In addition, Sophos reports that 'Duh' changes the password on your iPhone - meaning that cybercriminals know what it is but infected users don't, allowing criminals to log back into your iPhone later. However, SophosLabs researcher Paul Ducklin managed to recover the password - revealing that infected users can log in as root with the password 'ohshit'.

'Apple's default root password - "alpine" - on the iPhone breaks two fundamental rules - it's both a dictionary word and well-known. This doesn't matter for most iPhone users, as they haven't jailbroken their iPhones and installed SSH to allow remote access - but the new worm will break in and immediately change it. This change is made by directly editing the encrypted value of the password in the master password file, so that the new password is never revealed,' explained Paul Ducklin, head of technology in Sophos Asia Pacific. 'This password-changing represents an additional risk, as it means that cybercriminals now know what your password is - allowing them to log back into your iPhone later - but you don't, so you cannot log in and eliminate the virus.'

Sophos strongly recommends that all users of jailbroken phones change their passwords from 'alpine' immediately to avoid further attacks.
   © 2012 ProSecurityZone.com