The Worm Has Turned: iPhone Exploit Gets Nasty

Last week the news about yet another non-belligerent iPhone worm did the rounds and people responded by saying things like “How silly jailbreakers are for not changing their SSH root passwords,” and “It’s only a matter of time until a worm appears that’s not so friendly…” OK, yes, geeky people said those things. Normals will likely never know that jailbreaking is something you can do to a phone.

Well, the predictions of gloom have proven true. Over the last few days, as reported by The Mac Observer, a new worm has been identified. This one (so far limited to iPhone owners in the Netherlands) takes advantage of the exact same SSH exploit as the previous worm. Once on a user’s iPhone, it circumvents Mobile Safari’s anti-phishing technology to present a spoof of a popular banking website. Users are tricked into handing over their online banking authentication details. The worm spreads from iPhone to iPhone, but is limited to jailbroken handsets connected to the same Wi-Fi network.

Apple has weighed in with its own sage wisdom and advice on the matter. Speaking to The Loop’s Jim Dalrymple, Apple spokesperson Natalie Harrison said:

The worm affects only a very specific set of iPhone users who have jail broken their iPhones and hacked it with unauthorized software. As we’ve said before, the vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably.

If you live in the Netherlands and have jailbroken your iPhone and installed SSH, you need to change the default password to protect yourself from this particular exploit. Just don’t think you’ll be safe — Apple might keep the iPhone platform locked-down tight, but you can’t argue against the obvious security advantages of doing so. To date, there have been four confirmed worms “in the wild” on jailbroken iPhones. How many confirmed worms have appeared in the wild that affect non-jailbroken iPhones? There you have it.

The Real Question Is…

But the real question, as I see it, is this: who jailbreaks anymore? I mean, really… who? Why? The single biggest reason people originally went to the trouble of jailbreaking their iPhones was frustration at the lack of native apps. (Back in the early days of iPhone ownership, and before the App Store existed, only Apple’s own home-grown apps were locally installed on the device. Every third-party app ran inside Mobile Safari and, therefore, required access to the Internet.) I did a lot of travel back then, usually by air and train, so I didn’t always have a reliable Internet connection; this rendered most of my web apps useless. That annoyed me, and I very nearly did the whole jailbreaking thing just so I could install applications locally that would work irrespective of an active Internet connection. (Ultimately I wussed out, too afraid I’d permanently mess up my precious — and expensive — iPhone.)

But that was then, and times have changed. What other compelling reasons were there to void Apple’s iPhone warranty? MMS, video recording, Exchange server support, multitasking and copy & paste were the “most missed” features. Today we have more apps than you can shake an iPhone at. We have MMS and video recording, Exchange support and copy & paste.

The only thing missing is “true” multitasking, but for the vast majority of iPhone owners (for whom multitasking is another way of saying “I want instant messaging!”), Apple’s Push Notification Service does a decent job of balancing productive multitasking with preserving battery life.

So… why jailbreak? Is it a form of protest against Apple’s broken application approval process? Is it because you absolutely must replace the default icons with something far less classy? Perhaps you can’t live without tethering? Tell us in the comments the (few) remaining reasons for jailbreaking an iPhone.

Just please don’t say it’s for geek cred… I might cry!