Update on ‘Rick Rolling’ iPhone Worm
A few weeks ago, a worm that targeted jailbroken iPhones was released. This worm worked by exploiting a very simple security vulnerability. When installing SSH on a jailbroken phone, a default password is assigned and the user is not forced to change it. That’s the only problem. This worm scanned for open SSH ports in IP ranges reserved by telecoms. When it found an open SSH port, it tried to login as root with the default password. If that succeeded, it would change the wallpaper to this:
It was only a matter of time until someone exploited the vulnerability — for real. Now, there is a worm out using the same exploit that allows the hacker full control over the phone and also spoofs a bank login page to steal bank credentials.
Really, this is equivalent to installing a web server, turning the firewall off, allowing SSH access, and setting your root password to ‘root.’ The problem here is that the average person who jailbreaks knows little to nothing about security.
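The worm’s whole footprint on a victim phone, as described above, is a successful password login as root from a stranger on the carrier’s network, usually preceded by a guess or two at the same account from the same address. That is easy to pick out of the sshd auth log. The script below is an added example, not code from the original post; it assumes standard OpenSSH syslog-style log lines (the sample entries are constructed) and flags two things: any successful root login that used a password at all, and any source address that has made repeated failed root attempts.

```python
"""Flag SSH root-password logins and root-guessing sources in an auth log.

Added example (not from the original post). Assumes OpenSSH-style lines:
'Mon DD HH:MM:SS host sshd[pid]: Accepted|Failed <method> for <user> from <ip> ...'
"""
import re
from collections import defaultdict

ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>[\d.]+)"
)
FAILED = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+)"
)

# Constructed sample log: a legitimate key-based login by the 'mobile' user,
# then a scanner that guesses root's password twice and gets in on the third try.
SAMPLE_LOG = """\
Nov 22 10:01:02 iphone sshd[512]: Accepted publickey for mobile from 10.0.0.5 port 50122 ssh2
Nov 22 10:03:15 iphone sshd[530]: Failed password for root from 10.52.8.19 port 41233 ssh2
Nov 22 10:03:16 iphone sshd[530]: Failed password for root from 10.52.8.19 port 41233 ssh2
Nov 22 10:03:18 iphone sshd[533]: Accepted password for root from 10.52.8.19 port 41240 ssh2
Nov 22 10:05:40 iphone sshd[540]: Failed password for invalid user admin from 10.52.9.3 port 2222 ssh2
Nov 22 10:07:01 iphone sshd[545]: pam_unix(sshd:session): session opened for user root
"""


def parse_line(line):
    """Return (outcome, method, user, ip) for auth lines, None for anything else."""
    m = ACCEPTED.search(line)
    if m:
        return ("accepted", m["method"], m["user"], m["ip"])
    m = FAILED.search(line)
    if m:
        return ("failed", m["method"], m["user"], m["ip"])
    return None


def analyze(log_text, fail_threshold=2):
    """Summarise the log into the two signals that matter for this worm.

    root_password_logins: source IPs that logged in as root with a password.
      On a phone that still has the default password, one of these is the
      compromise itself, so every occurrence is reported.
    root_guess_sources: IPs with at least fail_threshold failed root attempts,
      i.e. something walking the address range and trying the root account.
    """
    root_pw_logins = []
    failed_root = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        outcome, method, user, ip = rec
        if outcome == "accepted" and user == "root" and method == "password":
            root_pw_logins.append(ip)
        elif outcome == "failed" and user == "root":
            failed_root[ip] += 1
    guess_sources = sorted(ip for ip, n in failed_root.items() if n >= fail_threshold)
    return {"root_password_logins": root_pw_logins, "root_guess_sources": guess_sources}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for ip in result["root_password_logins"]:
        print(f"ALERT: root logged in with a password from {ip}")
    for ip in result["root_guess_sources"]:
        print(f"NOTE: repeated failed root logins from {ip}")
```

On the sample data the script reports 10.52.8.19 under both headings: it guessed at root twice and then got in. The key-based login by `mobile` and the scattered `admin` guess from 10.52.9.3 are not reported. The fix the post is pointing at is the same as on any server: change the root password, and in `sshd_config` stop root from authenticating with a password at all (`PermitRootLogin prohibit-password`, or `without-password` on older OpenSSH), after which the first category of finding cannot occur.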
Whoops!