This week's big news was about the iPhone worm, which changes the iPhone's wallpaper. It affects only the "jail-broken" iPhones, it may not be dangerous worm but the same technique could be used for various malicious purposed including data leak.
What is the vulnerability?
Jail-broken iPhones have the SSH daemon enabled by default and these phones have a default root password. So, the jail-broken phones with an unchanged root password is vulnerable to this.
How does the worm spread?
The worm spreads by scanning other iPhones in the local IP address change, the scan looks for SSH daemon and if it finds any, it tries to login using the default password. Post compromise, it copies an image file to replace the default wallpaper image. Note that the sam attack vector can be used to leak out data, planting other program, etc.
How to remediate this vulnerability?
If you have a jail-broken iPhone, change the password immediately, follow the instructions provided in this article.
No comments:
Post a Comment