The iPhone becomes a victim of its own popularity
It is no secret that the Apple iPhone is one of the most widely owned smart/entertainment phones in the world. It is also no secret that more than half of the phones out there on the market are jailbroken, and of those a large number are both jailbroken and unlocked. This is a figure that drives Apple absolutely bananas. They hate the fact that users have control over what they can and cannot do with their phones.
To counter this, Apple has tried everything from scare tactics (claiming that jailbroken phones can be used by terrorists to bring down the global cellular network) to an attempt to make the creation (and use) of jailbreaking software illegal through copyright violations. So far, thankfully, none of these have succeeded, so they have only had the option of trying to block holes and exploits with new firmware updates (which also have failed).
But now we see something new: Apple and its global partners may actually have a friend (although an unintentional one). With the sudden creation of a string of worms for the iPhone software, we have a real answer to the scare tactics that Apple has tried to use. But is this a real threat, or does it once again play on user ignorance to exploit a known hole in a rather insecure operating system?
To answer that, we need to take a look at the two most recent worms for the iPhone OS. The first was an annoying but rather harmless bit of malware that replaced images on the screen with a picture of the one-hit wonder. The exploit worked through jailbroken iPhones that had SSH installed and that left the default root password on the phone. It also only seemed to work over the WiFi connection. In fact, we could not connect to our iPhone 3G S over the 3G network using SSH and WinSCP or PuTTY.
Following hot on the heels of the Rick-Roll incident was a much more malicious bit of code that uses the same exploit, but this time captures user data from web browsing and apps that connect to the web. This includes banking apps and even Facebook and Twitter. If an app has a user name and a password, the worm can grab them and forward them to servers run by the writers of the virus.
Now we begin to see a pattern, and one that screams of the dangers of jailbreaking the iPhone. But is it really the act of jailbreaking that causes the problem? The answer to that is no. You see, by default SSH is not installed. You have to manually install it after you have jailbroken your iPhone.