The Worm Has Turned: iPhone Exploit Gets Nasty
Last week the news about yet another non-belligerent iPhone worm did the rounds and people responded by saying things like “How silly jailbreaker’s are for not changing their SSH root passwords,” and “It’s only a matter of time until a worm appears that’s not so friendly…” OK, yes, geeky people said those things. Normals will likely never know that jailbreaking is something you can do to a phone.
Well, the predictions of gloom have proven true. Over the last few days, and reported by The Mac Observer, a new worm has been identified. This one, (so-far limited to iPhone owners in the Netherlands), takes advantage of the exact same SSH-exploit as the previous worm. Once on a user’s iPhone, it circumvents Mobile Safari’s anti-phishing technology to present a spoof of a popular banking website. Users are tricked into handing over their online banking authentication details. The worm spreads from iPhone to iPhone, but is limited to jailbroken handsets connected to the same Wi-Fi network.
Apple has weighed-in with its own sage wisdom and advice on the matter. Speaking to The Loop’s Jim Dalrymple, Apple spokesperson Natalie Harrison said:
The worm affects only a very specific set of iPhone users who have jail broken their iPhones and hacked it with unauthorized software. As we’ve said before, the vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably.
If you live in the Netherlands and have jailbroken your iPhone and installed SSH, you need to change the default password to protect yourself from this particular exploit. Just don’t think you’ll be safe — Apple might keep the iPhone platform locked-down tight, but you can’t argue against the obvious security advantages of doing so. To date, there have been four confirmed worms “in the wild” on jailbroken iPhones. How many confirmed worms have appeared in the wild that affect non-jailbroken iPhones? There you have it.
The Real Question Is…
But the real question, as I see it, is this; who jailbreaks any more? I mean, really… who? Why? The single biggest reason people originally went to the trouble of jailbreaking their iPhones was due to frustration at the lack of native apps. (Back in the early days of iPhone ownership, and before the app store existed, only Apple’s own home-grown apps were locally installed on the device. Every third-party apps ran inside Mobile Safari and, therefore, required access to the Internet.) I did a lot of travel back then, usually by air and train, so I didn’t always have a reliable Internet connection; this rendered most of my web apps useless. That annoyed me, and I very nearly did the whole jailbreaking thing just so I could install applications locally that would work irrespective of an active Internet connection. (Ultimately I wussed-out, too afraid I’d permanently mess-up my precious — and expensive — iPhone.)
But that was then, and times have changed.. What other compelling reasons were there to void Apple’s iPhone warranty? MMS, video recording, exchange server support, multitasking and Copy & Paste were the “most missed” features. Today we have more apps than you can shake an iPhone at. We have MMS and video recording, exchange support and copy & paste.
The only thing missing is “true” multitasking, but for the vast majority of iPhone owners (for whom multitasking is another way of saying “I want instant messaging!”), Apple’s Push Notification Service does a decent job of balancing productive multitasking with preserving battery life.
So… why jailbreak? Is it a form of protest against Apple’s broken application approval process? Is it because you absolutely must replace the default icons with something far less classy? Perhaps you can’t live without tethering? Tell us in the comments the (few) remaining reasons for jailbreaking an iPhone.
Just please don’t say it’s for geek cred… I might cry!
Tweet This (74)
Daantje on November 24th, 2009 at 7:27 am
I have an 3G and when not jailbroken, I can’t make video’s. And I don’t have the cash to buy an 3GS. I also like the freedom I have to program my own little applications, with out paying Apple just $100,- so I can install my own. It’s not commercial stuff, just to make my own live easier.
MacHackPC on November 24th, 2009 at 7:50 am
Here you can find Top 10 Reason to Jailbreak your iPhone – http://www.machackpc.com/iphone/3g/reasons-to-jailbreak-your-iphone/
Jason on November 24th, 2009 at 8:41 am
That list was fine…until I got to the part where you advertise “cracked apps” as a reason to jailbreak. Piracy is wrong — it is stealing, and I am really disappointed that you would promote this. Most jailbreakers are NOT pirates, and pirates are the scum of jailbreaking community (and forget your lame disclaimer).
There are dozens of super creative apps in the Cydia store that turn the iPhone from something cool into something absolutely incredible — they do things that Apple’s engineers are probably only barely thinking up for iPhone OS 4 or 5, and they are here today for jailbreakers who are willing to do the honest thing and pay a few bucks to encourage independent software development.
With all this legitimate, legal “booty” around, telling people that they should use cracked apps from the Apple app store is not only wrong, it is just stupid.
Subhash on November 24th, 2009 at 8:02 am
I live in India, and have an AT & T iPhone, which won’t work on my native Vodafone unless i’ve bought it from them (:P UGHHH, 6K more) or jailbroken and unlocked. Plus, there’s still the odd app Cydia helps you out where the 100,000 can’t.
Rob Oakes on November 24th, 2009 at 8:04 am
I jailbreak. In fact, it’s the only thing that’s prevented me from breaking my contract and going to a different carrier. In my opinion, there are three programs that more than justify jailbreaking the phone:
1) Backgrounder
2) GV Mobile
3) SBSettings
These three apps enable features that the iPhone *should* allow in the app store or build in by default. (Actually, GVMobile was allowed, until Apple decided that Google Voice might compete with them turned into a bad caricature of Microsoft.)
aussie on November 24th, 2009 at 8:06 am
two words–Google Voice
kshusker on November 24th, 2009 at 8:16 am
The main reason I jailbroke my phone was so I could change the SMS message received sound to whatever I wanted. I don’t know why Apple doesnt provide this functionality. I also bought an app from the Cydia store that allows me to respond to incoming SMS messages from wherever I am on the phone without having to quit what I am doing and launch SMS App.
Both of these are nice features which enhance
my phone. and the risk of jailbreaking is zero – assuming you are not an absolute idiot who leaves SSH turned on without setting your own passwords!
Carl Mumford on November 24th, 2009 at 8:28 am
I used to jailbreak my iPhone but I don’t feel like I need to anymore. I used to so that I could unlock my O2 iPhone for Orange. Since Orange released the iPhone, I’d rather stay clear of anyone invading my iPhone in the near future.
Jason on November 24th, 2009 at 8:34 am
According to the latest states from Pinch Media (the iPhone analytics company) just under 10% of all iPhone users have jailbroken their phones. Thats an amazingly high percentage — can anyone think of another consumer device in which 10% of the users have essentially hacked it to increase functionality unofficially?
I think this points to the fact that even now, in the era of the app store and the 3.0 software, there is a lot of frustration with how much Apple locks down the phone.
FWIW, I jailbroke my phone for the same reason that I choose what software I run on my Mac — because it is MY computer and MY phone.
Pat S on November 24th, 2009 at 9:43 am
I would say that 10% includes a lot of units where the device was jail-broken to unlock the baseband rather then for the Applications. There were millions of Iphones jail-broken for grey market sales in countries not officially supported by Apple. The frustration with Apple and their store policies is probably in the noise level. Most folks are happy with what Apple delivers, a small vocal minority are trying to make things better which I applauded, but the average consumer probably doesn’t care.
Jimmy Suggs on November 24th, 2009 at 8:43 am
Uh just turn OFF your SSH settings on the phone. Then no one can access it. It’s really not that hard, especially if you have sbs settings installed.
Michael on November 24th, 2009 at 8:52 am
The main reason to jailbreak is since on this side of the Atlantic you can not buy unlocked iPhones (well, on ebay it is possible, but not as convenient as walking into a store) as you can in almost all parts of Europe. Yes, they do cost much more initially, but since I’m traveling all over Americas (Everywhere from Canada down to Argentina) buying a local SIM card from a local provider and using services like rebtel makes it much much cheaper then roaming.
jenn on November 24th, 2009 at 8:53 am
I jailbreak because:
1. GV Mobile
2. change font
3. five icon dock
4. five column springboard
5. sbsettings
6. customize sms bubbles
7. adding weather info to status bar
8. change ATT carrier logo
9. unlock phone so i can use local sims when i travel abroad
10. NES games
11. notification icons on status bar for missed calls, unread emails, voicemails, unread sms, etc
12. emoji
Should I list more (by the way, everything I listed, I use. I wasn’t just listing for the sake of proving a point)? I’d say, if you’ve never jailbroken and don’t know what’s available, you’re probably perfectly content with having a stock phone. For someone like me who has been doing this since the original iPhone, it’s really hard to go even just one day without just one of the above.
jL on November 30th, 2009 at 7:03 pm
emoji doesn’t require jaklbreak … but 11 is still plenty of reasons ;-)
AppleAddict on November 24th, 2009 at 8:54 am
I jailbroke originally for video recording, MMS, tethering, and customization of the screens and icons. I now have the 3GS and most of the original reasons are not relevant anymore but…I still love to customize my icons and screens with Winterboard. The original Apple icons and screen colors are just boring. I also love SBSettings, FontSwap, iProtect, and Categories. With the jailbreak process so easy nowadays, it’s a no-brainer, and your done in about 60 seconds. Also, it is always completely reversible if you later change your mind. You can always restore back to the original factory settings and no one can tell you ever had a jailbroken phone. It’s always worked for me with no problems. Love it!
Josh on November 24th, 2009 at 9:09 am
I have a jailbroken phone because I also wanted it unlocked. Plus, as others have said before, Cydia gives you GV Mobile, Backgrounder, and SBSettings. Plus, I can skin my iPhone to look like whatever I want. I have OpenSSH, but I leave it turned off unless I need it- and when I use it, it’s always on my own home network with protection.
Honestly, this worm can be so easily prevented. Change the password- it’s such a simple process. I think this is getting over-hyped a bit.
Colin on November 24th, 2009 at 9:09 am
There are plenty of reasons to still jailbreak:
SBSettings toggles
Winterboard
Lock-screen widgets
Tethering
Multitasking
BossPaper
Google Voice
Here’s the thing… despite what you want to hype up, jailbreaking does NOT make your iPhone insecure. You know what makes it insecure? Installing SSH, which opens the phone to the world, and then leaving the root password as the default. You have to be really stupid to do this.
Ken on November 24th, 2009 at 9:19 am
Jailbroke to use T-Mobile: I’m using a much less expensive plan with a set amount of minutes and texts. (don’t talk on the phone all that much) And opted to save $25 a month for the time being by not getting their data plan. Plenty of wifi at work and home.
norwegian reader on November 24th, 2009 at 9:25 am
I jailbreak my phone because og backgrounder. Beeing able to run spotify in the background is a must for me. The other stuff is nice just not important for me.
InfoMofo on November 24th, 2009 at 9:33 am
Tethering.
Huge.
jt on November 24th, 2009 at 9:35 am
The iPhone world would be markedly less robust without jailbroken phones. Apple originally did not want developers writing native device code and relegated everyone to web apps. It was the jailbreak explosion and subsequent software (via non-published API dumps, etc.) which helped push Apple in the direction we have today.
Being able to run applications in the background is worth jail-breaking on its own. Would you run one application on your Mac? Every other major smartphone vendor allows multiple running apps. Not being able to run multiple apps severely limits the software which can even be conceived of for running on the iPhone. This limitation is hampering qualitative and quantitative software available and leaves the iPhone heavy on the game end and limited in the utility and business ends.
John Johnson on November 24th, 2009 at 9:37 am
Pirates jailbreak their phone. It’s the way to install software that you don’t pay for, as you can tell the phone not to check the certificates that come with the software.
So that is to say, people who steal.
Colin on November 24th, 2009 at 9:50 am
That’s a narrow, foolish view to take
jenn on November 24th, 2009 at 10:22 am
i jailbreak my phone but i would never, and have never before, stolen an app. in fact, i am 100% against it. if you think that’s the sole reason why people jailbreak, then you definitely lack 99.9% of the information/reason why people jailbreak
Jason on November 24th, 2009 at 2:50 pm
Which department of Apple do you work in?
Debbie on November 24th, 2009 at 10:17 am
Your headline should read: “Only *JAILBROKEN* iphones get virus”.
If you don’t illegally jailbreak your iphone… you will NEVER get this virus.
Would you also print a headline that said “Ford Cars Blow Up When Started”?
(Only to later find out that it’s only 1 model… 1 year… and only if the user illegal modified the car himself… and 0.0001% of them?)
*VERY* misleading info.
Why do so many of the articles here have VERY misleading headlines… and then buried
deeply in the text… you’ll see that only jailbroken iphones are affected?
Jason on November 24th, 2009 at 10:18 am
There’s nothing illegal about jailbreaking your phone. It is your phone, you can do with it as you wish. It might void your warranty, but that isn’t the same thing as being illegal.
jenn on November 24th, 2009 at 10:24 am
that’s right. jailbreaking isn’t illegal and that is why apple is TRYING to make it illegal. what you’re saying is equivalent to saying you’ve purchased a car, it’s under your name, you’ve paid it off and decided to modify it by changing your rims and oh wow that’s totally illegal
Colin on November 24th, 2009 at 10:37 am
Jailbreaking is not illegal. I own the device (I paid the full $600 retail after my subsidized one was lost) and I can do what I damn well please with it, and Apple isn’t going to tell me otherwise.
Second, jailbreaking DOES NOT make your iPhone insecure. Installing shell access, and not changing the password from the default, is what makes it insecure. See the big difference?
Pat S on November 24th, 2009 at 11:03 am
@ Colin
Second, jailbreaking DOES NOT make your iPhone insecure. Installing shell access, and not changing the password from the default, is what makes it insecure. See the big difference?
The jailbreaking process allows running of unsigned applications and it most definitely makes your Iphone less secure. If you understand anything about security you should understand that opening up the OS to running of unsigned applications allows many other vectors of attack. Here is a paper done by Charlie Miller http://securityevaluators.com/files/papers/hackingleopard.pdf which highlighted some of the Leopard vulnerabilities. Guess what if I was writing malware for Iphone OS I would start with what works on OSX.
Colin on November 25th, 2009 at 10:53 am
@pat s
There are no jailbreak exploits in the wild that do not involve OpenSSH having the default password. Being able to install software is very different from a security vulnerability.
TX2STEP on November 24th, 2009 at 10:18 am
Nobody will not admit it but it’s for the free games they can pirate. Are people that cheap that they can’t fork over a couple of bucks to developers for good software?
Jason on November 24th, 2009 at 10:20 am
Some people pirate software on their jailbroken phones
Some people also drink and drive.
Driving and jailbreaking aren’t the problem. It’s people who break the law.
Colin on November 24th, 2009 at 10:35 am
Did you even read the thread? There’s about a million other reasons to jailbreak that have nothing to do with piracy. Hell, I’ve paid for apps in the Cydia store.
SHRIKEE on November 24th, 2009 at 11:58 am
You seem to miss the sole point of jailbreaking for many many many people is to use their phone on a network that apple does not support.
stokes on November 24th, 2009 at 1:57 pm
I jailbreak my phone because I cannot justify paying an additional $30-40 each month for a data plan that I simply do not need. I still pay for a traditional AT&T plan WITH unlimited messaging.
I purchased my phone legally second hand from another Apple-lover who had to have a new 3GS, so as far as I’m concerned, I am not a thief. I have paid for every aspect of this service.
Is it wrong to ask for a cell phone with the beautiful and simple interface of the iPhone at a price less than $80 a month? According to AT&T yes, but that’s why I jailbreak.
blenderman345 on November 24th, 2009 at 5:13 pm
iJailbroke cuz I didn’t want to have a contract on my phone.
And for video rec, and a buncha otha stuff.
Listen, some people use Cracked apps and other piracy, but not all jailbreakers. I don’t cuz it’s illegal, and well, it’s jez kinda mean to the people that worked so hard to write it.
Jame on November 24th, 2009 at 5:19 pm
I know some of you don’t want to hear it but the primary reason people jailbreak is to pirate software. Ask any developer, especially game developers, if pirating software on the iPhone is a problem. Again, there may be legitimate reasons to jailbreak but the majority of people jailbreak to steal software. Deny it if you want but it is true.
Jason on November 24th, 2009 at 5:25 pm
I will deny it because it is not true. A few pirates steal a huge ton of software, but the vast majority of jailbroken iphone users are not pirates.
Johnny on November 25th, 2009 at 12:39 am
I love this holier-than-thou attitude that non-jailbreakers are spewing. It reads as judgemental and arrogant as religious biggotry, yet somehow more pathetic.
LIAM: Your choice of words here came off as condecending. “Is it because you absolutely must replace the default icons with something far less classy?”
I appreciate that you drink the apple Kool-aid, but let’s have some perspective here. I haven’t used a theme in a long while, but I seem to recall some magnificently art-directed skins, many of which had more uniform (or “classy”) consistency across the UI. If you choose to define the open source community’s offerings by the least classy options, beware that the mirror reflects the same swill of rancid apps that make up the bottom 98% of the official “app store”.
Cydia store offerings raise the bar for Apple in how they unify system functions, increase usability, and generally allow for a richer user experience. Now THAT’S classy.
Final thought: App pirates are dirt, but so are an unfortunately high percentage of the apps that I’ve purchased from apple. I’m not without sympathy, but I’m not terribly sympathetic. Especially considering that the thieves are unlikely purchase candidates regardless.
Johnny on November 25th, 2009 at 12:50 am
Ooh, for the other jailbreakers out there that don’t use a theme – try using winterboard to simply disable icon labels. Seriously, after a day or two, seeing the text-laden interface will make you cringe. Knowing how minimalist Apple design can be, I imagine this will also become an adopted settings feature someday.
Arne on November 25th, 2009 at 10:44 am
I Jailbroke my iPhone 3G for only one reason: A native Terminal application which can use my ssh-keys installed on it. Tethering would also be nice, but not necessary. Sadly, I’m not Jailbroken because it did not work with the latest release :-(
Mark on November 25th, 2009 at 4:47 pm
I truly love SBsettings which gives you a drop down menu accesible almost all the time, giving you access to the settings most frequently changed, brightness I find Im always adjusting. Also it gives you a list of currently running processes that works perfeclty well with ‘backgrounder’.
An if that wasnt enough, then theres the pure magic of ultrasn0w.
valentin on November 26th, 2009 at 5:24 am
How about tethering?
My phone is factory unlocked. I should be able to connect my laptop to the Internet like I always did with all of my previous Nokia phones. Can I? No, because some smart ass thinks that I can’t do what I want with my own factory unlocked device. I’m not breaching any contract, Vodafone lets me do it, I’m even paying for it.
Now I’m back on 3.0.1 because is the last one that allows tethering without jailbreak.
jL on November 30th, 2009 at 7:05 pm
I jailbreak my old (otherwise inactive) iPhone so I can use it with international SIM cards.
Telco 3G on December 29th, 2009 at 10:42 am
Ah, “true” multitasking will always be in a dream. I bet they will and can never implement it.
Not until Blackberry come with a newest features.
Kerri Paul on January 28th, 2010 at 2:30 am
Why does it matter? I would not EVER presume to go into another person’s home & forbid them from using their own personal property however they saw fit. There is only ONE reason to jailbreak any device that anyone needs to know.. CHOICE! No other explanation is needed nor deserved! THE END!