Posted 11/09/09 at 06:07:26 PM by Ryan Whitwam

Apple told us jailbreaking wasn’t a good idea. Sure, we mocked them at the time, but it is looking a little less safe these days. The first iPhone worm has been discovered affecting iPhones in Australia. The virus takes advantage of a massive security hole in the SSH client for jailbroken phones. The “ikee” worm is fairly benign, simply changing the user’s wallpaper to a picture of Rick Astley of “Rickroll” fame.

As it turns out, the default password for the SSH client is ‘alpine’. The worm accesses the phone via this route, and then attempts to infect other phones on the network. The worm’s creator, a 21 year-old student, said in an interview, “The virus itself is not malicious and is not out to hurt people. It's just poking fun and hoping waking people up a little.”

Un-jailbroken phones, and jailbroken phones that don’t have SSH installed are not vulnerable. Jailbreakers should head to the Cydia store, and use the Mobile Terminal app to change their default password. With a zillion iPhones out there, it was only a matter of time.

Read More

Posted 11/04/09 at 09:02:40 AM by Paul Lilly

There's a lot you can do with a jailbroken iPhone, and apparently, there's a lot others can do with your hacked smartphone as well. A hacker from the Netherlands made it his mission to alert modified iPhone owners via SMS that their security wasn't up to snuff.

The SMS contained a link to http://doiop.com/Hacked, which has since been eradicated from the Web. But before it was taken down, the site asked victims to send 5 euros (about $7.56 USD) to a Paypal account and then sit tight for email instructions on how to secure the hacked phone.

"If you don't pay, it's fine by me," the hacker's page said. "But remember, the way I got access to your iPhone can be used by thousands of others -- they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intentions of harming you or whatever, but some hackers do! It's just my advice to secure your phone."

According to ArsTechnica, the hacker used port scanning to identify jailbroken iPhones on the T-Mobile network in the Netherlands with SSH running. The hack also relied on unchanged root passwords to gain access, which is where the real security risk came from.

So what can you do to secure your phone? The same hacker who tried to make a quick buck has apologized for his actions, promised to return what money he's made, and posted steps to secure your jailbroken iPhone, which you can find here.

Read More

Posted 08/05/09 at 09:58:10 AM by Paul Lilly

Jailbreak your game console and no one is likely to take notice. But make a home business out of jailbreaking consoles for others and you may draw the attention of Homeland Security.

At least that's the case for Matthew Crippen, a 27-year-old Cal State Fullerton liberal arts student who was arrested by Homeland Security authorities on Monday. Crippen was picked up for allegedly violating the Digital Millennium Copyright Act (DMCA).

"Defendant Matthew Crippen willfully and for purposes of commercial advantage and private financial gain, circumvented a technological measure that effectively controlled access to a copyrighted work, more particularly, used software to modify a Xbox machine's Optical Disc Drive so it would circumvent the anti-piracy measures contained on the original unmodified Optical Disc Drive,"  U.S. attorney Thomas P. O'Brien wrote in the indictment (PDF).

In a telephone interview with Wired.com's Threat Level, Crippen maintains the purpose of his jailbreaking business was to allow patrons to make "legally made backups," not for piracy.

The indictment charges Crippen with two counts, and if convicted, he could face up to 10 years in prison.

Read More

Posted 07/31/09 at 10:40:55 AM by Paul Lilly

According to Apple, you should think twice before jailbreaking your iPhone to run software that hasn't been approved for distribution through the iPhone App Store. Should you decide to do it anyway, cellphone towers could come under "potentially catastrophic" cyberattacks, Apple says.

In a filing with the Copyright Office, which is considering a request by the Electronic Frontier Foundation to legalize the practice of jailbreaking, Apple wrote:

"A local or international hacker could potentially initiate commands (such as a denial of service attack) that could crash the tower software, rendering the tower entirely inoperable to process calls or transmit data. Taking control of the BBP software would be much the equivalent of getting inside the firewall of a corporate computer -- to potentially catastrophic result."

Apple went on to say that the technological protection measures in the iPhone were specifically designed to avoid such scenarios, and jailbreaking would undo all of that.

Fred von Lohmann, the EFF attorney who has requested that consumers have the legal right to jailbreak iPhones, isn't buying Apple's claims.

"As far as I know, nothing like that has ever happened," Lohmann said in an interview. "This kind of theoretical threat is more FUD than truth."

Read More