After two worm attacks on jailbroken iPhones, one would have expected the vulnerable iPhone users to have reset their passwords. Unfortunately, a lot many still have had their jailbroken iPhones with the root password unchanged as a third worm attack is now being reported. And this time, it is far more malicious.
Folks at Sophos have reported of this new worm attack concentrated among Dutch iPhone users with the help of the same vulnerability that was previously exposed by the iKee virus. In that earlier instance however, the worm merely changed the wallpaper of the iPhone to a picture of Rick Astley and the hack was averted by changing the root password.
In the new attack however, an infected iPhone is configured with two scripts – one to execute the worm on boot-up and the second to upload all data from the iPhone to a Lithuanian server. Every iPhone that is infected is given a unique ID for the bot master to investigate specific handsets.
The worm further changes the password of the root to "ohshit". Without knowing the modified password, it becomes further difficult for the hacked iPhone users to get control back unless these devices are set back to their default iPhone firmware settings by restoring the iPhone.
Sophos reports that the worm also spreads to other vulnerable iPhones when the devices use the same Wi-Fi spot. The affected iPhone users have all been among the customers of UPC (Netherlands), Optus (Australia) and T-Mobile.
If you are one of those readers who has been affected by this worm, please do try accessing your root with the modified "ohshit" password and if you fail to gain access, get your iPhone back to the default settings as soon as possible in order to prevent further data theft. Other readers whose iPhone are vulnerable (jailbroken iPhone with SSH installed without the default password changed), kindly follow the instructions provided here in order to secure your iPhone.
[via Sophos]
