BBC is running an article which is reporting a first ever worm on iphone. It is important to note that this worm does not effect all iphones. Only the jail-broken iphones are vulnerable to this problem. Moreover, not all jail-broken iphones are vulnerable. Only the jail-broken iphones, whose root password is left as the default password ('alpine') after installing SSH, are vulnerable. This worm will not spread to phones where the default password is changed to something else.
So, in a way this is a dumb virus which relies on a known root password. But the reality is that many people do not change(or do not know how to change) their default password. The current form of the worm is not harmful. It just changes the wallpaper. But the author has released the source code of the worm. This can lead to harmful virus in the future using the same technique.
Update: There is already a second worm named "iPhone/Privacy" which uses the same technique as the above. This worm is a harmful one. Its steals personal data, like e-mails and contacts etc, without the knowledge of the user. See this article.
No comments:
Post a Comment