Jailbreaking Puts iPhone Owners At Risk, Says Researcher

Jailbroken iPhones are much easier to hijack, security researcher Charlie Miller said today, and the proof is in the ikee worm that has infected some Australian phones.

By Gregg Keizer
Mon, November 09, 2009

Computerworld — Jailbroken iPhones are much easier to hijack, a noted security researcher said today, and the proof is in the worm that has infected some Australian phones.

The worm, known as "ikee," has been billed as the first iPhone worm, a title that Charlie Miller, famous for hacking iPhones and Macs, said is accurate. "I'd say it was a worm," said Miller. "It spreads, and it executes remote code, so it's a worm." Miller also agreed that it was the first, saying that although he and others have crafted exploits that compromise the iPhone, they have never been wrapped into a worm.

Miller, formerly with the National Security Agency and now an analyst with Baltimore-based Independent Security Evaluators (ISE), was one of three researchers who uncovered the first iPhone vulnerability in July 2007, just weeks after Apple debuted the smartphone. He's also known for successfully hacking Macs two years running at the annual "Pwn2own" contest, and is the co-author of The Mac Hacker's Handbook.

The ikee worm was released last Wednesday by Ashley Towns, a 21-year-old unemployed programmer from Wollongong, Australia, who told the IDG News Service that he intended it as a prank, and as a lesson to users who jailbroke their iPhones.

Miller, however, said that the lesson is more than the one Towns maintained: that users should change the default password of the SSH (secure shell) Unix utility. Towns' worm accessed others' iPhones using that default password, then changed their devices' wallpaper. SSH lets users connect to their iPhone remotely over the Internet through an encrypted channel.

"A year ago, I didn't think that jailbroken iPhones were less secure than those that weren't jailbroken," said Miller. "But I've changed my mind."

By jailbreaking an iPhone -- the term describes the process of modifying a device so its owner can download and install unauthorized software -- people leave themselves open to attacks that an unaltered iPhone would easily deflect, said Miller.

"The obvious reason why they're less secure is that you get extra software on the iPhone when you jailbreak," noted Miller, referring to the tools necessary to both hack the smartphone and install applications not approved by Apple. "But there are other, less-obvious reasons, too."

Among the latter is the fact that by design, a jailbroken iPhone allows software to run as "root," the Unix-based user account allowed to access the entire operating system. That gives hackers automatic access to everything on the iPhone, something not possible on a standard iPhone without an existing vulnerability and a working exploit.
