A while back I wrote about the iPhone having many security flaws. Well it seems that someone has seen fit to exploit one of them (on jailbroken iphones).
Called Ikee the worm itself isn’t malicious, although it could well have done a lot of damage. It exploits a vulnerability on devices where the secure shell (SSH) password has not been changed. Once on the system it changes the wallpaper to a picture of Rick Astley – also known as Rick Rolling then looks for other hosts on the internet to infect.
So think twice before you consider the iPhone for serious use. It’s good for music, entertainment and the occasional phone call but it’s not for the enterprise world.
Tweet This 
Digg This Post 
Facebook 
Reddit 
Stumble This Post
Related posts:
This is a pretty poor post. This is a case of the jailbreaking software setting a default root password and users not changing it–it is not at all indicative of Apple’s security savvy or the security of the phone itself.
The iPhone has a less than perfect security track-record, but one advantage it has over many competitors is that it can be upgraded easily (and without a reliance on the OEM or the carrier, unlike most WinMo and Android phones–though not the Droid, interestingly).
I should say that I work in software security for a competitor of Apple’s. And it’s my professional opinion that Apple don’t really get security. Their code quality is probably poorer than that of some of their competitors.
But being able to release software patches for security holes is far, far more important than initial code quality, because everyone ultimately has bugs.
I don’t expect you to know a lot about security. Most people don’t. But it’d be nice if you tried to understand the topic before posting about it.
Someone: Are you an idiot? The default is always present in the iphone, jailbreaking doesn’t do anything to it.
If the iPhone can be upgraded all the time without OEM changes or anything, why are there 3 types of them?
The hole only exists if a) you have a jailbroken iphone b) you have installed openssh via Cydia (or other package system) and c) you have not changed the default root password.
If you haven’t jailbroken the phone and have not installed openssh, you have nothing to worry about (so far).
In my experience, enterprise hardware is tightly locked down, and is unlikely to consist of jailbroken handsets loaded with third party packages. YMMV.
@Someone else:
Indeed, the default is always “alpine.” This is a moot point without a remote login exposed, however, and there are no supported (i.e., without jailbreaking) modes of exposing a remote login.
I’m not sure what you mean by three types of them. There are three types of hardware, yes; they all run the same firmware releases. All three can be upgraded directly from Apple without the intermediation of the carrier. (I shouldn’t say OEM, since in the case of the iPhone Apple is both the OS vendor and the OEM, unlike most other phones (WinMo, Android, Symbian).)
Worms only happen if there is an access point. THat point of entry is only created by people who bypass Apple’s security and Jailbreak a phone.
If you don’t read the warning to change the default ssh password, which most walkthroughs point out, you are a moron. RTFM as the saying goes.
man there is always a default present in the iphone….
no need to worry…
although iphone is nt fully protected but its safer…
Fail.
Creating a security risk by deliberately hacking your phone does not equate to a security risk on a standard iPhone.
Similarly it is a erroneous conclusion to state that this therefore means the phone is unsuitable for the “enterprise world” given that in any enterprise environment policies dictate that you are not permitted to hack your devices nor run non-standard operating systems to the corporate standard.
r u sure Iphone.. cuz i dont think its safer…