Appletell | Apple, Mac, iPhone, iPod | News, Rumors, Reviews, How-Tos

There has been a lot of news lately on iPhone worms targeting those with jailbroken phones. These exploits take advantage of people with jailbroken iPhones using OpenSSH (which is available via Cydia) who don’t change their password for access as both a “root” (most powerful) and “mobile” (more restricted) user.

Apple has actually officially commented on the situation, stating that “the worm affects only a very specific set of iPhone users who have jail broken[sic] their iPhones and hacked it with unauthorized software.” Apple has never been friendly towards jailbreakers, and it seems from their statement that they don’t even want to be bothered with it.

The only good side of all this is that if you have a jailbroken iPhone with OpenSSH installed, you can simply secure your device from being targeted by this worm. To do so, follow the steps below from TUAW:

1. Install MobileTerminal via Cydia (or login to SSH from Terminal.app on your Mac or a Cygwin-equipped Windows PC).
2. Type “login,” you will then be asked for a login name, enter “root” and “alpine” as the password.
3. Type “passwd” and then tap return (or your enter key) and you’ll be asked for a new password, enter it and tap return again.
4. Repeat the previous process for the “mobile” user by replacing “root” with “mobile” and then “alpine” as your password again.

Also, if you’d like to go the extra mile, you can install jailbreak apps like BossPrefs or SBSettings, both of which contain toggles to disable SSH when it’s not in use. Having SSH disabled is obviously the safest way of avoiding any worms.

Read [TheLoop] Via [TUAW]