Monday, November 9, 2009

The ikee virus - Preventing future attacks

My blog has recently had a lot of attention due to my chats with "ikee", the author of a major iPhone worm that replicates itself on many phones, presumably until either all phones are secure or all phones contain the ikee virus.
If you're new here, please see my previous blog posts: The truth about the ikee iPhone "virus" and Interview with ikee - iPhone Virus Creator - Virus removal details enclosed.
There is obviously one major flaw with the ikee virus: It is unable to gain access to iPhones that are behind a NAT.

I was originally going to post this, but I'd completely forgotten about it due to the overwhelming number of visitors and all the hype surrounding the iPhone virus.

I'm asking all of the people who use jailbreak software to contact the developers of the software they use, and request that the developers prompt users for a new password. This is important and is possibly the only way that this will stop hackers like ikee (and even that Dutch kid asking for $5 in return for unlocking) from doing what they are doing.
Adding a password prompt is too easy for developers, and as for why they haven't already - I have absolutely no idea.

Why the password prompt? Well, the following two points may be where the problem lies, and the reason the developers have not yet included some sort of automatic password changing tool.
  1. If a developer changes the password for all users of the software to the same password, then it still leaves all the users of that particular software vulnerable to an attack
  2. If a developer changes the password to a random string, and displays it to the user to write down, the user will probably forget it
It's quite clear that a prompt for a password during the initial jailbreak is the only real solution to this problem, although I would also recommend that the developers stop distributing the SSH Daemon, and allow users to download it [the SSH Daemon] if and when required.
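
The check argued for above can be expressed as a first-run gate: refuse the shipped default at the password prompt, and keep the SSH daemon off while any account still carries the shipped hash. This is an added example, not code from this post or from any jailbreak tool; the function names, the passwd-style file layout and the placeholder hash `SHIPPEDHASH0` are assumptions.

```shell
#!/bin/sh
# Added example; not code from any jailbreak tool. Assumes passwd-style
# "name:hash:..." lines. Hash and password values are constructed placeholders.

# Print accounts in FILE whose hash field still equals a shipped default.
# A shipped hash is a fixed string, so an exact match means "never changed".
accounts_with_default_hash() {  # FILE SHIPPED_HASH...
    file=$1; shift
    while IFS=: read -r name hash _rest; do
        case $name in ''|'#'*) continue ;; esac
        for shipped in "$@"; do
            if [ "$hash" = "$shipped" ]; then printf '%s\n' "$name"; break; fi
        done
    done < "$file"
    return 0
}

# First-run prompt check: non-empty, typed twice, not the shipped default.
acceptable_password() {  # NEW CONFIRM SHIPPED_DEFAULT
    [ -n "$1" ] || return 1
    [ "$1" = "$2" ] || return 1
    [ "$1" != "$3" ] || return 1
    return 0
}

# Gate for sshd: succeed only when no account keeps a shipped hash.
ssh_may_start() {  # FILE SHIPPED_HASH...
    [ -z "$(accounts_with_default_hash "$@")" ]
}

# Constructed sample data: root and mobile untouched, daemon has no password.
sample_passwd() {
    printf '%s\n' '# constructed sample' \
        'root:SHIPPEDHASH0:0:0::0:0:System Administrator:/var/root:/bin/sh' \
        'mobile:SHIPPEDHASH0:501:501::0:0:Mobile User:/var/mobile:/bin/sh' \
        'daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false'
}

tmp=$(mktemp) && sample_passwd > "$tmp"
echo "unchanged: $(accounts_with_default_hash "$tmp" SHIPPEDHASH0 | tr '\n' ' ')"
ssh_may_start "$tmp" SHIPPEDHASH0 || echo "sshd stays off until both are changed"
rm -f "$tmp"
```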

I'd encourage iPhone jailbreak application developers to send me an email (jd do.jeltel a@t gmail do.t com) and let me know what they've done to secure their users' iPhones. The sooner we gain control over the situation, the better.

I'm getting many emails reporting variations of the ikee virus; this is explained in my interview with ikee, and is not a new version of the ikee virus.

4 comments:

  1. I got hit around 10pm on Saturday morning, was very annoying at the time as I thought Winterboard was acting up. It wasn't 'til Rick Astley popped up that I breathed a sigh of relief - it was only a prank. To be honest this'll hopefully remind me to change all my default passwords in the future.

    Just a side note, I got forwarded a couple wallpapers, one being the default football one, and another one being a shot someone had taken of a payout screen at the pokies! I was tripping for a bit trying to remember when I had taken it, trying to remember if I'd had a realllllyyy big night and forgotten until I realised it was a virus.

  2. Something developers could do is create an image of a randomly generated password and then save it to the owner's photos folder, so that it can be viewed in the Photos app; then the owner doesn't have to remember it, and the prompt can be a simple "your password is NHSesrcd976(*&, also it's in your Photos app" instead of a scary "if you do not choose a secure password then YOU WILL DIE".

  3. Changing p/w is important but that leaves the iPhone open to exploration. Use Cydia to install SBSettings then use that to toggle SSH on/off as required.

  4. What about mobile terminal in Cydia? I used it to change both my mobile and my root password. I'm skeptical. Am I actually covered?
