iPhone Rickroll exploit gets nasty, can now steal personal data
What started out as a mostly harmless annoyance coded by a young Australian lad to mess with his friends has turned ugly [Insert your own Rick Astley joke here]. Intego reports that the exploit used by the ikee worm - which only swapped out users' iPhone wallpaper for a mugshot of the ginger king of the 80s - is being used to steal personal data from affected devices.
The worms are only a concern for those running jailbroken iPhones and iPod touches, of course. Still, even at Intego's estimate of 6-8% of those devices being jailbroken, that puts the number at risk at well over 2 million.
It's simple enough to protect yourself - all you have to do is change your root password to something other than the default 'alpine.' Our friends at TUAW posted the following instructions:
Type: ssh root@(iPhone IP address)
When prompted for the password type: alpine
Now you're connected to the phone...
type: passwd
It should then prompt you for a new password -- type one that you'll remember. There's no easy way to reset it if you forget it.

Turning off SSH is an option, too, but you should still change the password as well.

Comments (6)

Evenio, Nov 11th 2009 2:39PM
It bears mentioning that this exploit, in whatever form, only affects iPhone/iPod touch users who:
1. have jailbroken their device;
2. have installed SSH support via Cydia;
3. have ignored the warnings, both from the community at large (easy to miss) and accessible from the front page of Cydia in their SSH how-to guide (less easy to miss), to change the root password; AND
4. leave SSH access on all the time.
In other words, a minority of a minority of a minority of a minority.
That said, changing the root (and perhaps mobile) password really should be made a mandatory step in the jailbreaking process, in the form of a simple prompt with adequate explanation which doesn't accept "alpine" as an answer. Whether the change can be made "in vitro" during the ipsw build, or must be made after the jailbroken device is up and running, it should be made early, to reduce or eliminate the likelihood that less technically-inclined users neglect to change the password themselves.
I also recommend that SSH users install SBSettings, which provides a very convenient way to turn SSH access (among other things) on and off as needed. I never have it on unless I'm actually using it right that moment, and I was in that habit long before any malware appeared.
Ajit Anthony, Nov 11th 2009 2:54PM
The headline is deceiving. Jailbroken phones are the only ones affected, make sure to put that in the headline.
josh, Nov 11th 2009 3:40PM
The problem is that this "exploit" is not actually an exploit. It's merely a malicious program that exploits the end user's stupidity rather than the OS itself. The real news should not be about this program, but about the people dumb enough to not have changed the default root password on the iPhone...
Jason Hall, Nov 11th 2009 5:17PM
And don't forget, after opening the terminal to login as root/alpine, then do the passwd change.
Generic, Nov 11th 2009 3:47PM
Apple searching for reasons why people shouldn't jailbreak iPhones :p
bobbylashley, Dec 10th 2009 7:43AM
never gonna give you up, never gonna let you down, never gonna turn around and desert you, never gonna make you cry, never gonna tell a lie, never gonna say goodbye and hurt you.