iPhone gets a nasty, money-grubbing worm

The latest worm to hit jailbroken iPhones is far more dangerous than Rick Astley.

Unlike a previous worm, which simply rickrolled its victim with a wallpaper of 1980s pop star Astley, the as-yet-unnamed worm targets customers of the Dutch bank ING. When infected users visit the bank's site, they're redirected to a fake login screen, which in turn steals the input. Still, the number of conditions that must be met before a user falls into this trap makes this worm mostly insignificant.

For starters, a jailbroken phone is required, providing access to functions that Apple and wireless carriers do not allow. Then, the user must install SSH remote access, which enables wireless file transfers to and from other computers. The root password for SSH must also remain unchanged from the default, which is "alpine," though many users forget or don't know how to change it.

Even then, the user must be an ING bank customer in Holland. F-Secure, which spotted the worm, says it is "not widespread," and F-Secure research director Mikko Hypponen told the BBC that infections are "in the hundreds, rather than thousands." The worm can spread from one jailbroken iPhone to another through open Wi-Fi hotspots.

So, this worm isn't worth panicking over, but it's noteworthy as the first blatant phishing attack on iPhone users, albeit a small subset of them (another worm stole data, but its purpose wasn't clear). I wouldn't be surprised to see more worms pop up, designed to attack more people's phones. Makers of SSH software, such as OpenSSH, should update their software to prompt users with a password change option after installation.

Meanwhile, Apple must be cackling. The company has argued that jailbreaking is illegal, and that it could even leave entire cell phone towers open to attack.
