Danski haker hakovao iPhone preko SSH-a

[mikenzi]

A hacker has taken over numerous Dutch iPhones asking for a €5 donation for his troubles.

The hacker simply scanned for jailbroken iPhones with SSH installed and using the default root password. With this password he then sent what appears to be an SMS alert to the hacked phones that read,

"Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files."

Going to the website directed users to send €5 to a PayPal account, after which they would be e-mailed instructions to how remove the hack.

"If you don't pay, it's fine by me, but remember, the way I got access to your iPhone can be used by thousands of others-they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."

The webpage has since been taken down and the hacker is now offering instructions on removing the hack for free.

If you know what SSH is and have it installed remember to turn it off when not in use or change the default password to prevent this hack.



How to Change the Root Password on Your iPhone

These are instructions on how to change the root password on your jailbroken iPhone or iPod touch. This password is required when using SSH to connect to your device.

Step One
If you do not already have MobileTerminal installed please follow these instructions to install it.

Step Two
Press to launch MobileTerminal from your iPhone Springboard.


Step Three
Input su into the terminal window then press the return key.


Step Four
You will be asked to input the current root user password. Input alpine then press the return key.


Step Five
Once you have logged in as the root user input passwd into the terminal window then press the return key


You will be prompted for new password. Input a password of your choice then press the return key.


You will be asked to retype the new password. Do this, then press the return key to finalize your change

[Sharky]

Svaka cast za post, bas sam hteo da pitam kako da promenim sifru za SSH

[Ognjeni]

da mi je samo 5 min sa ovim pede*cicem ..skakao bih mu po glavi

[iphone-srbija]

naravoucenije, iskljucite SSH kada ne koristite

[kocka90]

ja sad nisam ni instalirao SSH

[zexx0r]

Menja se preko Terminala:

login kao root

mobile@iphone ~$ su
username: root
password: alpine
root@iphone ~$ passwd
enter new passwd: <OVDE IDE NOVI PASS>
repeat new passwd: <JOS JEDNOM NOVI PASS>
password changed for username root.

to je to

[uroskg]

Ovo je matora fora, ko poznaje unix ovo bi trebao da zna odavno...

[1024]

...ali treba se setiti da promenis sifru na telefonu (iako je kompjuter pod varijantom unixa u pitanju, ipak je to telefon ) A vecina korisnika se prema tome (ssh, terminal, winscp i sl.) odnosi kao prema "sablonu za prebacivanje stvari u iPhone" a ne kao "daljinskom pristupanju iPhone-racunaru".

[byMaX]

Ja i nemam SSH, samo OpenSSL, a SSH nije neophodan kad se koristi iPhone Explorer, recimo. Jeste malo nezgodniji za file management, ali nije strašno ako svaki dan ne kopiraš nešto po telefonu u većoj meri. SSH je velika rupa za sigurnost, zato sam ga uvek isključivao, a sada ga i ne instaliram...

[Sharky]

Lepo ukljucis precicu SSH u SBSettings i jednim klikom ukljuceno-iskljuceno, ne moze biti lakse i jednostavnije

[mikenzi]

Izvor

Code:

http://hackulo.us/forums/

Australian hacker, going by the name "ikee," created a worm that changes the home screen background on jailbroken iPhones whose owners failed to change the default password after installing SSH.

On jailbroken iPhones, SSH is installable with a package from Cydia that allows you to connect to your phone and make changes to the filesystem. It does this by logging into the root user with the password "alpine." After installing SSH, it is always recommended that you change "alpine" to the password of your choosing. This hack can only affect people who chose not to change that password -- no one else.

Basically, once your phone is infected, the worm starts looking for other iPhones on the cellular network that use the root:alpine combination. Once it finds another vulnerable iPhone, it installs itself and begins the process again... and again... and again.

Luckily for the jailbreakers in the audience who may have been affected, there's really no harm done -- at least not with this version of the worm. According to the hacker, this was more of an experiment than anything else. The worm changes your background and then disables inbound SSH, which is a good thing. If SSH was left turned on, a similar worm could follow along but conceivably do much more damage.

The creator of the worm has released full source code of the four existing variants of this worm. This means that there will quickly be more variants, and they might have nastier payload than just changing your wallpaper or might try password cracking to gain access to devices where the default password has been changed.

Dodatni sajtovi na ovu temu:

Code:

http://www.f-secure.com/weblog/archives/00001814.html
http://www.abc.net.au/news/stories/2009/11/09/2737673.htm
http://twitter.com/ikeeex
http://www.sophos.com/blogs/gc/g/2009/11/0...ed-100-iphones/
http://www.pcworld.com/businesscenter/arti..._wallpaper.html
http://www.tuaw.com/2009/11/07/jailbreak-w...-the-unsecured/
http://www.theregister.co.uk/2009/11/08/ip...ickrolls_users/
http://www.engadget.com/2009/11/08/first-i...lbroken-phones/
http://www.forbes.com/2009/11/08/iphone-vi...ersecurity.html

How to remove the worm if you are already infected?

[10:33] <JD> Can you please explain to me, how an infected user would remove the different versions completely?
[10:33] <ikee> Sure, variants A-C store files in these directories
[10:34] <ikee> /bin/poc-bbot
[10:34] <ikee> /bin/sshpass
[10:34] <ikee> /var/log/youcanbeclosertogod.jpg
[10:34] <ikee> /var/mobile/LockBackground.jpg
[10:35] <ikee> /System/Library/LaunchDaemons/com.ikey.bbot.plist
[10:35] <ikee> /var/lock/bbot.lock
[10:35] <ikee> using an rm (in SSH or mobile-terminal on those files will remove it)
[10:36] <ikee> then reboot the phone, change your password and reinstall SSH
[10:36] <ikee> For variant D its abit different
[10:36] <ikee> The locations are
[10:37] <ikee> /usr/libexec/cydia/startup
[10:37] <ikee> /usr/libexec/cydia/startup.so
[10:37] <ikee> /usr/libexec/cydia/startup-helper
[10:37] <ikee> /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
[10:38] <ikee> Of course cydia used these files previously so you may need to reinstall it after deleting these files

[srbinovic]

Nisam hteo da otvaram novu temu i izvinjavam se sto ovu vadim iz naftalina, ali samo hocu kratko da se nadovezem. Dakle ja sam mislio da je sve ovo oko ikee virusa glupost i da "nema sansi da se meni ovo desi" pa sam ignorisao upozorenja i juce shvatim da mi odjednom "ne radi" SSH. Posto sam izgubio sat vremena na reinstalaciju SSH-a i winscp-a, procitam ova uputstva za uklanjanje virusa i proradi mi SSH. Pass sam naravno istog trenutka promenio. Znaci samo hocu da kazem da ne budete tvrdoglavi kao ja, da ko nije obavezno promeni pass, ko zna sta gore moze da nas snadje.
Pozdrav ajfonovci

[Sharky]

Zar ti nije lakse da koristis iphone folders ?
Na winscp sam odavno zaboravio

[mikenzi]

Jos jedan mlad zivot spasen

[iDarth]

Zar ti nije lakse da koristis iphone folders ?
Na winscp sam odavno zaboravio

Compatible with x86 editions of Windows XP, Vista, 7 and x64 editions of Windows XP,
Vista (unlike Vista, Windows 7 x64 can't be forced to execute Windows Explorer in 32bit
mode, so no Win7 x64 support for now).