Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

11/8/2009
01:26 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

JailBroken iPhones Targeted By Rick-Rolling Worm

The SANS Institute Internet Storm Center is warning users of jailbroken iPhones that a new worm is targeting their hacked phones. So how dangerous is it, really?

The SANS Institute Internet Storm Center is warning users of jailbroken iPhones that a new worm is targeting their hacked phones. So how dangerous is it, really?In case you're not aware, jailbroken iPhones may be able to run on various mobile networks, and run unofficial software - but the price paid is significant loss of security. As The Internet Storm Center pointed out in a post late Saturday:

One of the problems with most jailbroken iPhones is that they run various services, including SSH among the others. The installation of SSH service is terribly insecure and, besides allowing remote root login, also leaves a default password on most jailbroken iPhones.

Not good. And this common condition with jailbroken iPhones was also used in an attack in the Netherlands where the malware creator installed a backdoor enabled Trojan that demanded 5 Euros for removal.

The new worm, however, spreads on its own, and after it infects an iPhone it will perform a scan of 3G IP addresses. It will then attempt to copy itself to the phone by logging in with root access.

If successful, the worm will change the background of the phone to a photo of the 1980s pop star Rick Astley - a sort of "Rick Roll." Last year it became a popular social network meme for users to use small URLs (which hide the true hyperlink destination) so send users to the 1987 song Never Gonna Give You Up.

There is a photo of a hijacked iPhone in this Dark Reading post.

Is this a dangerous worm? All worms are dangerous - as unauthorized code being executed by someone not authorized by the phone's owner is always a security risk. But it seems the goal of this worm was to raise awareness. The worm's author wouldn't have done something so blatant as to change the wallpaper had discovery not been the goal.

It's also a harbinger of things to come. And just as most of the first PC worms and viruses did little more than propagate or play simple songs before becoming malicious -- I'd expect the same progression on mobile phones.

For my security and business observations throughout the day, consider following me on Twitter.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27569
PUBLISHED: 2021-05-07
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentication logic.
CVE-2021-27570
PUBLISHED: 2021-05-07
An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running process by sending the process name in a specially crafted packet. This information is sent in cleartext and is not protected by any authentication logic.
CVE-2021-27571
PUBLISHED: 2021-05-07
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently used and running applications, their icons, and their file paths. This information is sent in cleartext and is not protected by any authentication logic.
CVE-2021-27572
PUBLISHED: 2021-05-07
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authentication Bypass can occur via Packet Replay. Remote unauthenticated users can execute arbitrary code via crafted UDP packets even when passwords are set.
CVE-2021-27573
PUBLISHED: 2021-05-07
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can execute arbitrary code via crafted UDP packets with no prior authorization or authentication.