iPhone worm?!! I call baloney.
I saw some news recently about an iPhone worm (more details here) making the rounds in Australia. I have a brief response to those freaking out and making a big deal about this. Ready for my quotable, official response?
It’s Complete and Utter NONSENSE!
No, really, let me explain. This worm works against jailbroken phones ONLY. What? You mean phones that have been compromised to begin with? Yes. In order to jailbreak a phone, you have to essentially hack into it. Also, this worm propagates by using the default SSH password set within SSH, an application that can be installed after jailbreaking. It’s not using some massively gaping hole left in by Apple when they wrote the iPhone OS. It attacks an application, added by a few individuals. That’s all.
Please understand, I’m not saying Apple is innocent of making stupid mistakes that lead to security vulnerabilities. They do it all the time. In this instance though, they didn’t. This worm is a non-issue.
ps – On a geeky historical note, it’s method of propagation reminds me a little of the Morris Worm. I guess everything old really is new again.
