Sunday, Nov 08, 2009

Jail Breaking and Entering the iPhone

If you have taken the risk of jailbreaking your iPhone, you should be aware of an attack in the wild reported by Intego on November 3. Jailbroken iPhones allow users to run software and applications not approved by Apple, and part of the jailbreak package is root ssh shell access, among other services. Most users neither disable remote root login nor change the root password. The management of ssh on a jailbroken iPhone is very insecure: the root password is alpine, so now you can wow your jailbroken iPhone friends.

I never recommend using any software that is cracked or jailbroken, so I feel little compassion for people who have gone this route on phones that are not for personal experimentation. (Hack to learn, but keep it in the sandbox or you might get burned.) General users should never run cracked devices or software; a recent Mac Trojan was spread via cracked software. With that said, users can change the password using the passwd command after logging in as root. It is highly recommended that users also disable remote access by root. (This is common practice on any system that runs ssh.)
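One way to check the second recommendation, as an added example that is not part of the original post: the script below reads an sshd_config file and reports whether root can still log in over ssh with a password. The function names and the sample config are constructed for illustration, and Include files are not followed.

```sh
#!/bin/sh
# Added example: audit an sshd_config for remote root login with a password.

# Print the effective global value of one sshd_config keyword.
# sshd keeps the first value it sees for a keyword, keywords are
# case-insensitive, and "Key=value" is accepted. Lines after the first
# Match line apply only conditionally, so parsing stops there.
effective_value() {   # $1 = file, $2 = keyword, $3 = value assumed when unset
    awk -v key="$2" -v dflt="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        { if ($1 ~ /=/ || $2 ~ /^=/) sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# Print "ok", "review" or "exposed" for the config file in $1.
# Assumption: an unset PermitRootLogin is read as "yes" (the older OpenSSH
# default; newer releases default to prohibit-password), the conservative view.
root_ssh_verdict() {
    root=$(effective_value "$1" PermitRootLogin yes)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    case "$root" in
        no|prohibit-password|without-password|forced-commands-only) echo ok ;;
        *) if [ "$pass" = no ]; then
               echo review    # password auth off; keyboard-interactive may still prompt
           else
               echo exposed   # root can log in over ssh with a password
           fi ;;
    esac
}

# Constructed sample: the later "PermitRootLogin no" is ignored (first value wins).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
permitrootlogin yes
PermitRootLogin no
EOF
echo "sample config: $(root_ssh_verdict "$sample")"
rm -f "$sample"
```

A verdict of "exposed" means both fixes from the paragraph above still apply: change the root password and set PermitRootLogin to no.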

What began as soft-core ransomware used by a Dutch hacker, which scanned networks looking for jailbroken iPhones, has expanded into a full-fledged worm called iKee. The original hack proceeded to prompt users via SMS for five Euros to secure the phone. In its current form iKee scans network ranges belonging to Australian 3G customers and is conducting a host of evil hacks, including changing background images, lockouts and stealing personal data. The current network ranges are the following:


It will be interesting to see if there is a spike in scanning of ssh on mobile networks in the coming weeks. Users should never ever use a cracked iPhone. If your company provides iPhones, make sure that all users, including IT department employees, understand not to use jailbroken or cracked software. This should be part of the employee usage agreement and may need to be revisited in a Monday email blast from your security team.
