If you're new here, Please see my previous blog posts: The truth about the ikee iPhone "virus" and Interview with ikee - iPhone Virus Creator - Virus removal details enclosed.
There is obviously one major flaw with the ikee virus: It is unable to gain access to iPhones that are behind a NAT.
I was originally going to post this, but i'd completely forgotten about it, due to the overwhelm of visitors and all the hype surrounding the iPhone virus.
I'm asking all of the people who are use jailbreak software, to contact the developers of the software they use, and request that the developers prompt users for a new password. This is important and is possibly the only way that this will stop hackers like ikee (and even that Dutch kid asking for $5 in return for unlocking) from doing what they are doing.
Adding a password prompt is too easy for developers, and as for why they havn't already - I have absolutely no idea.
Why the password prompt? Well the following two points may be where the problem was laying, and the reason the developers have not included some sort of automatic password changing tool as yet.
- If a developer changes the password for all users of the software to the same password, then it still leaves all the users of that particular software vulnerable to an attack
- If a developer changes the password to a random string, and displays it to the user to write down, the user will probably forget it
It's quite clear that a prompt for a password during the initial jailbreak is the only real solution to this problem, although I would also recommend that the developers stop distributing the SSH Daemon, and allow users to download it [the SSH Daemon] if and when required.
I'd encourage iPhone jailbreak application developers to send me an email (jd do.t jeltel a@t gmail do.t com) and let me know what they've done to secure their users iPhones, the sooner we gain control over the situation, the better.
I'm getting many emails reporting variations to the ikee virus, this is explained in my interview with ikee, and is not a new version of the ikee virus.