New iPhone Worm Stealing your Sensitive Data!
While listening to the latest SecurityNow! podcast from the TWiT Network, Steve Gibson
the host of the podcast and security expert mentioned there was not only one but two
new iPhone worms that arenít just changing wallpapers like the ikee iphone worm reported
a few days ago. This time, the worms are stealing personal information such as your contacts,
photos, text messages, email and even music. Currently, thereís only two known worms
but more are definitely expected.
The worms arenít named in the podcast, but these are serious worms.
This affects jailbroken iPhones running OpenSSH and the only way to prevent from getting
attacked is by changing the root iPhone ssh password or to uninstall OpenSSH.
So to avoid this you need to change the iPhone SSH password.
Look here on how to do this.
If youíre freaked out about getting attacking by the ikee (otherwise known as ike_x) iPhone worm and want to change your SSH password on your iPhone then look no further! Weíll show you how to change it easily.
Note: This is only for jailbroken iPhoneís with OpenSSH installed and MobileTerminal installed
Note 2: We are not responsible if your iPhone blows up during this process or if you mess up and forget your password! Use at your own risk!
1. Get your jailbroken iPhone and open MobileTerminal (If you donít have it already, get it from Cydia)
2. In MobileTerminal, type in: su root
3. Itíll ask you for a password, type in: alpine
4. To make the screen a bit cleaner, type in: cd
5. Now, to change your password, type in: passwd
6. Enter the password you desire (You will not see the characters in the screen as you type them for security reasons)
7. Enter the password you entered once more
* Youíre essentially done, if you want to change the password for the mobile space on the iPhone, continue readingÖ If not, close MobileTerminal and pat yourself on the back.
8. If youíre going to change the password for the Mobile user, type in: passwd mobile
9. Enter the password you desire (You will not see the characters in the screen as you type them for security reasons)
10. Enter the password you entered once more
11. All done! You are now secure! You may close MobileTerminal