{"id":995,"date":"2009-11-11T12:42:45","date_gmt":"2009-11-11T04:42:45","guid":{"rendered":"http:\/\/www.nargalzius.com\/blog\/archives\/2009\/11\/11\/iphone-virusworm\/"},"modified":"2009-11-11T12:42:45","modified_gmt":"2009-11-11T04:42:45","slug":"iphone-virusworm","status":"publish","type":"post","link":"http:\/\/nargalzius.com\/blog\/archives\/2009\/11\/11\/iphone-virusworm","title":{"rendered":"iPhone virus\/worm?"},"content":{"rendered":"<p>First, I&#8217;m testing this blogging app to post entries straight to my site from the iPhone. Hooray for that \ud83d\ude09<\/p>\n<p>So there&#8217;s Ecto for the desktop, and this for the iPhone.<\/p>\n<p>Okay, on to the topic.<\/p>\n<p>Just to make things clear; having Rick Astley as a wallpaper is a <em>feature<\/em> &#8211; that&#8217;s just full of WIN \ud83d\ude09<\/p>\n<p>Seriously though, in a nutshell; both the actual case and potential dangers it implies, while true, are overrated.<!--more--><!-- \/\/ --><\/p>\n<p>First, it only works on jailbroken phones. Normally, if you are determined enough to jailbreak your iPhone, you <em>should<\/em> be smart enough to be responsible about it.<\/p>\n<p>This &#8220;virus&#8221; relies on SSH &#8211; which is one of the services commonly installed upon jailbreaking. SSH stands for &#8220;Secure Shell&#8221; &#8211; which allows remote shell access to your device. In the case of the &#8220;virus,&#8221; it does its thing via SSH over WiFi. <\/p>\n<p>Fortunately for us, there are <em>other<\/em> implications of this as well. The most important of which is that it will need <strong>both<\/strong> WiFi <em>and<\/em> SSH to be enabled to be able to do anything meaningful. 
<span class=\"footnote_referrer\"><a role=\"button\" tabindex=\"0\" onclick=\"footnote_moveToReference_995_1('footnote_plugin_reference_995_1_1');\" onkeypress=\"footnote_moveToReference_995_1('footnote_plugin_reference_995_1_1');\" ><sup id=\"footnote_plugin_tooltip_995_1_1\" class=\"footnote_plugin_tooltip_text\">1 <\/sup><\/a><span id=\"footnote_plugin_tooltip_text_995_1_1\" class=\"footnote_tooltip\">This is probably why jailed phones are immune, there&#8217;s no SSH available<\/span><\/span><script type=\"text\/javascript\"> jQuery('#footnote_plugin_tooltip_995_1_1').tooltip({ tip: '#footnote_plugin_tooltip_text_995_1_1', tipClass: 'footnote_tooltip', effect: 'fade', predelay: 0, fadeInSpeed: 200, delay: 400, fadeOutSpeed: 200, position: 'top right', relative: true, offset: [10, 10], });<\/script> So having one or the other turned off will actually mitigate the issue.<\/p>\n<p>Of course, people will think of just turning SSH off <span class=\"footnote_referrer\"><a role=\"button\" tabindex=\"0\" onclick=\"footnote_moveToReference_995_1('footnote_plugin_reference_995_1_2');\" onkeypress=\"footnote_moveToReference_995_1('footnote_plugin_reference_995_1_2');\" ><sup id=\"footnote_plugin_tooltip_995_1_2\" class=\"footnote_plugin_tooltip_text\">2 <\/sup><\/a><span id=\"footnote_plugin_tooltip_text_995_1_2\" class=\"footnote_tooltip\">There is a toggle that can be installed that does just that.<\/span><\/span><script type=\"text\/javascript\"> jQuery('#footnote_plugin_tooltip_995_1_2').tooltip({ tip: '#footnote_plugin_tooltip_text_995_1_2', tipClass: 'footnote_tooltip', effect: 'fade', predelay: 0, fadeInSpeed: 200, delay: 400, fadeOutSpeed: 200, position: 'top right', relative: true, offset: [10, 10], });<\/script> &#8230; and they&#8217;d be right. The only issue is that for some reason&#8230; SSH is enabled by default when you have the service installed. This means if you reboot your device, it will turn itself on. 
<span class=\"footnote_referrer\"><a role=\"button\" tabindex=\"0\" onclick=\"footnote_moveToReference_995_1('footnote_plugin_reference_995_1_3');\" onkeypress=\"footnote_moveToReference_995_1('footnote_plugin_reference_995_1_3');\" ><sup id=\"footnote_plugin_tooltip_995_1_3\" class=\"footnote_plugin_tooltip_text\">3 <\/sup><\/a><span id=\"footnote_plugin_tooltip_text_995_1_3\" class=\"footnote_tooltip\">Kinda like the numlock<\/span><\/span><script type=\"text\/javascript\"> jQuery('#footnote_plugin_tooltip_995_1_3').tooltip({ tip: '#footnote_plugin_tooltip_text_995_1_3', tipClass: 'footnote_tooltip', effect: 'fade', predelay: 0, fadeInSpeed: 200, delay: 400, fadeOutSpeed: 200, position: 'top right', relative: true, offset: [10, 10], });<\/script> And forgetting to turn it off is what can ultimately get you.<\/p>\n<p>That&#8217;s why as a rule of thumb, you should just change your SSH password <em>regardless<\/em> if you&#8217;re using the service or not.<\/p>\n<p>There&#8217;s a third option; which is to uninstall the service altogether. I haven&#8217;t tried this nor do I ever intend to. But assuming your [jailbroken] device is still working properly, <span class=\"footnote_referrer\"><a role=\"button\" tabindex=\"0\" onclick=\"footnote_moveToReference_995_1('footnote_plugin_reference_995_1_4');\" onkeypress=\"footnote_moveToReference_995_1('footnote_plugin_reference_995_1_4');\" ><sup id=\"footnote_plugin_tooltip_995_1_4\" class=\"footnote_plugin_tooltip_text\">4 <\/sup><\/a><span id=\"footnote_plugin_tooltip_text_995_1_4\" class=\"footnote_tooltip\">Which theoretically should be the case. 
I recall installing SSH after the fact when jailbreaking was still new.<\/span><\/span><script type=\"text\/javascript\"> jQuery('#footnote_plugin_tooltip_995_1_4').tooltip({ tip: '#footnote_plugin_tooltip_text_995_1_4', tipClass: 'footnote_tooltip', effect: 'fade', predelay: 0, fadeInSpeed: 200, delay: 400, fadeOutSpeed: 200, position: 'top right', relative: true, offset: [10, 10], });<\/script> it should now be immune to the &#8220;exploit&#8221; as well.<\/p>\n<p>But if you ask me, the safest way is to just install MobileTerminal, run it, type in:<\/p>\n<blockquote>\n<p><code>ssh root@localhost<\/code><\/p>\n<\/blockquote>\n<p>Enter your password. As soon as you&#8217;re in with superuser\/root privileges, type <code>passwd<\/code> and enter your new password (and don&#8217;t forget it!)<\/p>\n<p>If you&#8217;re asking why developers can&#8217;t (or probably won&#8217;t) set SSH as disabled by default, the only answer I can think of is because the ability to have remote shell access is extremely nifty for developers. For example, OSX has SSH enabled as well, if for some reason your machine won&#8217;t boot or something, chances are you can still access it via SSH &#8211; so the really hardcore people who like breaking stuff need that kind of access to recover from a mistake. And we all know how much those developers like tinkering with the iPhone \ud83d\ude09<\/p>\n<hr \/>\n<p>On an unrelated note; I can&#8217;t believe the backtick\/grave sign is only available during text entry in the Mail application. I often use it as Markdown syntax when doing <code>code formatting<\/code> <\/p>\n<p>Good thing I set it as a favorite in <em>ActionMenu&#8217;s<\/em> pasteboard history. 
Sure as hell beats having to switch to mail just to copy the sign and back to paste it.<\/p><div class=\"speaker-mute footnotes_reference_container\"> <div class=\"footnote_container_prepare\"><p><span role=\"button\" tabindex=\"0\" class=\"footnote_reference_container_label pointer\" onclick=\"footnote_expand_collapse_reference_container_995_1();\">Notes<\/span><span role=\"button\" tabindex=\"0\" class=\"footnote_reference_container_collapse_button\" style=\"display: none;\" onclick=\"footnote_expand_collapse_reference_container_995_1();\">[<a id=\"footnote_reference_container_collapse_button_995_1\">+<\/a>]<\/span><\/p><\/div> <div id=\"footnote_references_container_995_1\" style=\"\"><table class=\"footnotes_table footnote-reference-container\"><caption class=\"accessibility\">Notes<\/caption> <tbody> \r\n\r\n<tr class=\"footnotes_plugin_reference_row\"> <th scope=\"row\" class=\"footnote_plugin_index_combi pointer\"  onclick=\"footnote_moveToAnchor_995_1('footnote_plugin_tooltip_995_1_1');\"><a id=\"footnote_plugin_reference_995_1_1\" class=\"footnote_backlink\"><span class=\"footnote_index_arrow\">&#8673;<\/span>1<\/a><\/th> <td class=\"footnote_plugin_text\">This is probably why jailed phones are immune, there&#8217;s no SSH available<\/td><\/tr>\r\n\r\n<tr class=\"footnotes_plugin_reference_row\"> <th scope=\"row\" class=\"footnote_plugin_index_combi pointer\"  onclick=\"footnote_moveToAnchor_995_1('footnote_plugin_tooltip_995_1_2');\"><a id=\"footnote_plugin_reference_995_1_2\" class=\"footnote_backlink\"><span class=\"footnote_index_arrow\">&#8673;<\/span>2<\/a><\/th> <td class=\"footnote_plugin_text\">There is a toggle that can be installed that does just that.<\/td><\/tr>\r\n\r\n<tr class=\"footnotes_plugin_reference_row\"> <th scope=\"row\" class=\"footnote_plugin_index_combi pointer\"  onclick=\"footnote_moveToAnchor_995_1('footnote_plugin_tooltip_995_1_3');\"><a id=\"footnote_plugin_reference_995_1_3\" class=\"footnote_backlink\"><span 
class=\"footnote_index_arrow\">&#8673;<\/span>3<\/a><\/th> <td class=\"footnote_plugin_text\">Kinda like the numlock<\/td><\/tr>\r\n\r\n<tr class=\"footnotes_plugin_reference_row\"> <th scope=\"row\" class=\"footnote_plugin_index_combi pointer\"  onclick=\"footnote_moveToAnchor_995_1('footnote_plugin_tooltip_995_1_4');\"><a id=\"footnote_plugin_reference_995_1_4\" class=\"footnote_backlink\"><span class=\"footnote_index_arrow\">&#8673;<\/span>4<\/a><\/th> <td class=\"footnote_plugin_text\">Which theoretically should be the case. I recall installing SSH after the fact when jailbreaking was still new.<\/td><\/tr>\r\n\r\n <\/tbody> <\/table> <\/div><\/div><script type=\"text\/javascript\"> function footnote_expand_reference_container_995_1() { jQuery('#footnote_references_container_995_1').show(); jQuery('#footnote_reference_container_collapse_button_995_1').text('\u2212'); } function footnote_collapse_reference_container_995_1() { jQuery('#footnote_references_container_995_1').hide(); jQuery('#footnote_reference_container_collapse_button_995_1').text('+'); } function footnote_expand_collapse_reference_container_995_1() { if (jQuery('#footnote_references_container_995_1').is(':hidden')) { footnote_expand_reference_container_995_1(); } else { footnote_collapse_reference_container_995_1(); } } function footnote_moveToReference_995_1(p_str_TargetID) { footnote_expand_reference_container_995_1(); var l_obj_Target = jQuery('#' + p_str_TargetID); if (l_obj_Target.length) { jQuery( 'html, body' ).delay( 0 ); jQuery('html, body').animate({ scrollTop: l_obj_Target.offset().top - window.innerHeight * 0.2 }, 380); } } function footnote_moveToAnchor_995_1(p_str_TargetID) { footnote_expand_reference_container_995_1(); var l_obj_Target = jQuery('#' + p_str_TargetID); if (l_obj_Target.length) { jQuery( 'html, body' ).delay( 0 ); jQuery('html, body').animate({ scrollTop: l_obj_Target.offset().top - window.innerHeight * 0.2 }, 380); } 
}<\/script>","protected":false},"excerpt":{"rendered":"<p>First, I&#8217;m testing this blogging app to post entries straight to my site from the iPhone. Hooray for that \ud83d\ude09 So there&#8217;s Ecto for the desktop, and this for the iPhone. Okay, on to the topic. Just to make things clear; having Rick Astley as a wallpaper is a feature &#8211; that&#8217;s just full of &hellip; <p class=\"link-more\"><a href=\"http:\/\/nargalzius.com\/blog\/archives\/2009\/11\/11\/iphone-virusworm\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;iPhone virus\/worm?&#8221;<\/span><\/a><\/p><\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[5,13],"tags":[595,602,623,1108,1259,1307],"class_list":["post-995","post","type-post","status-publish","format-standard","hentry","category-internet","category-technology","tag-internet","tag-iphone","tag-jailbreak","tag-ssh","tag-virus","tag-worm"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/posts\/995","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/nargalzius.com\/blog
\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/comments?post=995"}],"version-history":[{"count":0,"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/posts\/995\/revisions"}],"wp:attachment":[{"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/media?parent=995"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/categories?post=995"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/tags?post=995"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}