JAILBROKEN iPhone botnet set to destroy world

iPhone!  Botnet!

Those two words are likely to get people's ears up.  The qualifier is that the security hole is with unsecured jailbroken iPhones that have enabled SSH.  The equivalent in the computer world would be telling everyone to set their root passwords to "alpine" and enable root access.  Then put your computer on the Internet without a firewall and leave it until someone logs in.

If you jailbreak your iPhone and don't change your password, it is the equivalent to physically giving it to a malicious hacker.

It is important to note that standard, non-jailbroken iPhones or iPod touches are not at risk; it is extremely dangerous to jailbreak an iPhone because of the vulnerabilities that this process creates. (Estimates suggest that 6-8% of iPhones are jailbroken.) Jailbroken iPhones at risk are those where ssh is installed, and where the default password has not been changed.

This worm starts by searching its local network, as well as a number of IP address ranges, for available devices to infect. The address ranges it scans include those of ISPs in the Netherlands, Portugal, Hungary, Australia, and if an appropriately unprotected iPhone is found, the worm can copy itself to these devices.

When active on an iPhone, the iBotnet worm changes the root password for the device (from “alpine” to “ohshit”), in order to prevent users from later changing that password themselves. It then connects to a server in Lithuania, from which it downloads new files and data, and to which it sends data recovered from the infected iPhone. The worm sends both network information about the iPhone and SMSs to the remote server. It is capable of downloading data, including executables that it uses to run and carry out its actions, as well as new files, providing botnet capabilities to infected devices.  (A botnet is a network of infected computers or devices that can be controlled by hackers to attack other computers, serve malware, send spam, serve pages or images, and much more.)