iPhone virus/worm?

First, I’m testing this blogging app to post entries straight to my site from the iPhone. Hooray for that 😉

So there’s Ecto for the desktop, and this for the iPhone.

Okay, on to the topic.

Just to make things clear: having Rick Astley as a wallpaper is a feature – that’s just full of WIN 😉

Seriously though, in a nutshell: both the actual case and the potential dangers it implies, while true, are overrated.

First, it only works on jailbroken phones. Normally, if you are determined enough to jailbreak your iPhone, you should be smart enough to be responsible about it.

This “virus” relies on SSH, which is one of the services commonly installed upon jailbreaking. SSH stands for “Secure Shell,” and it allows remote shell access to your device. In the case of the “virus,” it does its thing via SSH over WiFi.

Fortunately for us, there are other implications of this as well. The most important of these is that it needs both WiFi and SSH to be enabled to be able to do anything meaningful. [1] So having one or the other turned off will actually mitigate the issue.

Of course, people will think of just turning SSH off [2] … and they’d be right. The only issue is that, for some reason, SSH is enabled by default when you have the service installed. This means that if you reboot your device, it will turn itself on. [3] And forgetting to turn it off is what can ultimately get you.

That’s why, as a rule of thumb, you should just change your SSH password regardless of whether you’re using the service or not.

There’s a third option, which is to uninstall the service altogether. I haven’t tried this nor do I ever intend to. But assuming your [jailbroken] device is still working properly, [4] it should now be immune to the “exploit” as well.

But if you ask me, the safest way is to just install MobileTerminal, run it, and type in:

ssh root@localhost

Enter your password. As soon as you’re in with superuser/root privileges, type passwd and enter your new password (and don’t forget it!)
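Whether SSH has switched itself back on after a reboot can be checked rather than remembered. The following is an added example, not part of the original post: a shell function that reads `netstat -an` output and reports whether anything is listening on port 22 and whether it is reachable from the network. The function name, the sample output and the availability of `netstat` on the device are assumptions.

```shell
#!/bin/sh
# Added example: classify SSH exposure from `netstat -an` output on stdin.
# Prints one of:
#   off        - nothing is listening on TCP port 22
#   local-only - sshd listens on loopback only
#   exposed    - sshd listens on a wildcard or network address (reachable over WiFi)
ssh_exposure() {
    awk '
        # Only TCP sockets in the LISTEN state matter; established sessions are ignored.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4                       # local address column
            # BSD netstat prints addr.port, Linux netstat prints addr:port.
            if (addr !~ /[.:]22$/) next     # skips other ports, including e.g. 8022
            sub(/[.:]22$/, "", addr)
            seen = 1
            if (addr != "127.0.0.1" && addr != "::1") exposed = 1
        }
        END {
            if (!seen)        print "off"
            else if (exposed) print "exposed"
            else              print "local-only"
        }
    '
}

# Constructed sample in BSD netstat format (not captured from a real device):
# the state of a phone where the SSH service came back up after a reboot.
SAMPLE_AFTER_REBOOT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
udp4       0      0  *.5353                 *.*'

printf 'sample: %s\n' "$(printf '%s\n' "$SAMPLE_AFTER_REBOOT" | ssh_exposure)"
```

On a device that has `netstat`, the live check is `netstat -an | ssh_exposure`; a result of `exposed` while WiFi is on is the combination the post describes.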

If you’re asking why developers can’t (or probably won’t) set SSH as disabled by default, the only answer I can think of is because the ability to have remote shell access is extremely nifty for developers. For example, OSX has SSH enabled as well; if for some reason your machine won’t boot or something, chances are you can still access it via SSH – so the really hardcore people who like breaking stuff need that kind of access to recover from a mistake. And we all know how much those developers like tinkering with the iPhone 😉


On an unrelated note: I can’t believe the backtick/grave sign is only available during text entry in the Mail application. I often use it as Markdown syntax when doing code formatting.

Good thing I set it as a favorite in ActionMenu’s pasteboard history. Sure as hell beats having to switch to mail just to copy the sign and back to paste it.

Notes
1 This is probably why jailed phones are immune, there’s no SSH available
2 There is a toggle that can be installed that does just that.
3 Kinda like the numlock
4 Which theoretically should be the case. I recall installing SSH after the fact when jailbreaking was still new.
