iPhone

iPhone Worm is Crap

Sorry, I can’t help it. That whole “iPhone Security Problems” thread I’ve seen on a few sites recently due to that worm. Oh, then there was a second worm that did the same thing. Really? Did these awesome security gurus realize that the device has to be jailbroken? Oh and they have to still have the default password used for SSH? I would hope that if you know enough to jailbreak the device without bricking it that you know enough to change the default SSH password.

Interestingly enough though, an estimated 6 to 8 percent of iPhones are jail-broken… If there have been 21 million sold, that provides an attack surface of around a 1.2 million if you just target jail-broken phones. A PC needs to be running on the same network infected with a totally different worm that tries to log into the phone and steal things. By the way, here’s a huge new security vulnerability I should write – if you leave your LinkSys with the default password AND you allow administration over the WAN then someone can break in over the WAN and mess it up… Of course, in that case you should maybe be with the LinkSys (although the power adapter might cause more damage in terms of hit points), but for some reason people aren’t being beaten over the head with an iPhone but instead so-called security experts find spreading FUD is far more helpful than doing something for a living, like real research.

I just have to reiterate this. There’s a worm out there that scans a subnet and attempts a specific SSH user name and password, if it works then it tries to steal some data, or in a different variant just Rick Rolls ya’. Somehow the fact that in order to put an SSH server on the subnet in the first place you had to void a warranty and forklift SSH onto a device, which took great pains to do, and subsequently forgot to change the password for that SSH server means nothing; nor does the fact that you also need a frickin’ Windows computer to carry the worm to you that’s also infected. Crap, just crap.