In association with heise online

23 November 2009, 15:01

New iPhone password: "ohshit"


A new version of the worm infecting insecure jailbroken iPhones resets the password. Using the password-cracking software John the Ripper, Paul Ducklin from Sophos has succeeded in determining that the password set by the worm on infected iPhones is 'ohshit'.

The worm exploits the same issue as its predecessor to gain access to iPhones – they all have the same system password ('alpine'). Users who have jailbroken their phones to deactivate Apple's rights management and have then installed an SSH server are inadvertently allowing open root access via the web.

And as expected, the early 'just for fun' worms are being followed by genuine spyware. According to Sophos, the worm, known as 'Duh', collects mTANs for online banking and connects to a central control server. It also overwrites the /etc/master.passwd file with its own version containing a new password hash. Ducklin has, however, succeeded in cracking this hash using the open source program John the Ripper.

According to available reports, Duh does not appear to have spread widely. Users who have not jailbroken their iPhones have nothing to fear. By contrast, users who have jailbroken their iPhones and subsequently installed an SSH server should, as soon as possible, set a new password. If in doubt, it is always a good idea to check the passwords for the root and mobile accounts, just to be on the safe side.
