While you have to go to quite some lengths to be vulnerable to it, jailbroken iPhones have been under fire for susceptibility to a particular SSH-based type of worm that has seen a lot of press lately. One of the developers, Ashley Towns, who helped to get the "rick" rolling, as it were, has just announced his employment at an iPhone game firm.

Sophos is reporting that he'll be taking up shop at mogeneration, the developer responsible for such hits as Xumii [iTunes link], a cross-social networking communication app, and Moo Shake! [iTunes link], a farm-based activity game for kids. It is an interesting turn of events given that mogeneration even reported on the topic of Ashley's now-infamous rickrolling iPhone worm.

I personally think that there is a lot of potential for coders of malware to embark on legitimate careers as developers coding for good. However, I don't favor the thought that malware developers are essentially getting 'rewarded' for their dangerous work. There is nothing from mogeneration to imply that Towns was hired based on the notoriety of his SSH-based worm, but I can't help thinking that there are other, more talented iPhone developers who have stayed below the radar by not writing malware.

I want to know what you think. Should developers of intentionally malicious software be given a clean slate and a new life? Or perhaps should they be feeling the effects of the law's very long arms?

[via Techmeme]

The internet has been ablaze with reports of jailbroken iPhones being infested with worms. The exploit takes advantage of unwitting jailbreakers who install OpenSSH on their iPhones via Cydia without taking into account all of the impacts on security. The most notable, and now famous, hole in this theory is that every iPhone ships with the same default password for both the all-powerful "root" user as well as the more-restricted "mobile" user.

Not surprisingly, Apple has officially commented on the situation noting that "the worm affects only a very specific set of iPhone users who have jail broken[sic] their iPhones and hacked it with unauthorized software." It is pretty clear from Apple's statement their feelings on the jailbreak community and its effects on the iPhone and iPod touch.

Luckily, if you need to have OpenSSH installed on your iPhone (who doesn't want a remotely-accessible, full UNIX terminal in their pocket?), there is a pretty simple solution to this problem that will prevent this breed of infestation from ever reaching your iPhone.

1. Remember, this only affects jailbroken iPhone owners who have installed OpenSSH...
2. Begin by installing MobileTerminal via Cydia (alternately, you can login via SSH from Terminal.app or a Cygwin-equipped Windows PC).
3. Type "login", you will be asked for a login name which should be "root" then a password which should be "alpine".
4. Type "passwd" then tap return, you will be asked to type the new password. Tap return and type the new password again.

Repeat this same process for the "mobile" user by replacing "root" with "mobile" in step 3. Also, when using passwd to change the password for "mobile" you may be asked the old password which would be "alpine". It is not necessary to use a different password for "root" and "mobile" but if you're highly security conscious, it wouldn't hurt. The second half of this post includes a screen image of my exact process working successfully on OS 3.1.2 with an iPhone 3GS.

In addition to changing the user passwords for your iPhone, another good security measure is to use one of the jailbreak apps like BossPrefs or SBSettings to have a toggle that will disable SSH when not in use. Obviously, having SSH disabled (or not installed) is the best defense against worms of this sort. Got any other iPhone security tips? Let us know in the comments!

Last month a Dutch iPhone user demonstrated how careless jailbreaking can cause trouble. Namely, after finding users who enabled SSH with the phone's default password intact, he sent those phones a message that read, "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files." A similar worm caused phones to rickroll their owners.

They could have done worse. This week, someone has. Again from the Netherlands and again finding jailbroken iPhones with SSH enabled, F-secure reports that this infraction puts up an ING Direct login page that lets the hacker gather login credentials and, we assume, move funds to wherever they please. This version also changes the 'alpine' password to block users from getting to the phone via SSH.

We'll have more on this as the story develops, but the moral is this: If you jailbreak your iPhone, you should know what you're doing -- and you should change your SSH password.

[via Engadget & ZDnet Asia]

Matthias Ringwald, of iPhone Bluetooth fame, has just released BTstack 0.1 for iPhone. This video demonstrates his group's technology in action, as an iPhone syncs with a WiiMote and then uses the WiiMote for input. Although the system does not yet have OBEX, it is, as Ringwald writes, "better than Apple's nothing."

I haven't had a chance to give the software a spin yet (you can download the source from Google Code) but I'm looking forward to playing. BTstack creates device connections using the L2CAP protocol. The code is currently aimed at jailbroken devices only. It supplies a Bluetooth daemon (BTdaemon) that you access from your apps. Given that the release is still only at version 0.1, expect a certain degree of instability and a lot of further development potential.

With the latest jailbreaking code, blacksn0w, now available for Geohot's blackra1n utility, iPhone owners who want to free their favorite smartphone from the constraints of the App Store and the AT&T network may do so. But a recent report by PCWorld / Network World indicates that Apple is hiring a new "sheriff" to lock up the iPhone platform for good. Is this true? Maybe not.

According to the post by Network World blogger John Cox, an Apple corporate website is showing a job posting for an iPhone platform security manager. The manager would lead a team aimed at creating methods for secure booting and installation of the iPhone OS, strengthening the platform's cryptographic services, partitioning and hardening internal security domains, and providing risk analysis of security threats.

The post goes on to breathlessly state that this job posting (which is noted as filling an existing position, not creating a new one) is indicative of Apple's concern that enterprise users might jailbreak and unlock their iPhones. The jailbroken phones would let enterprise users load apps that could "threaten corporate data or back-end Exchange servers," and "unlocking the phone... makes it hard to track, monitor and optimize wireless costs and could open the enterprise to legal problems."

Why is it so important for Apple to crack down on jailbreaking and unlocking? Well, the post says that many enterprises are adopting the iPhone "despite the fact that Apple provides virtually no security or management infrastructure..." That last statement is a bit ridiculous, considering that Apple even provides a series of white papers on exactly how to implement secure, managed iPhone deployments in enterprises.

Perhaps the author has been out the enterprise world for a while, since alterations like jailbreaking and unlocking are forbidden by policy in almost all big businesses that provide their employees with phones. As Mike Rose put it succinctly, "What enterprise user is jailbreaking their phone to use T-Mobile when that means they won't get reimbursed for their cell costs? What enterprise user wants to risk getting cut off from Exchange access?" And what enterprise employee is going to risk his or her good graces with the corporate security team for the sake of being able to run SplatCam or Cycorder on the iPhone?

The post tries to tie the rather innocuous task of filling an open job posting to an attempt by Apple to try to shut off the jailbreak world -- which, if it is doing, isn't necessarily about covering corporate requirements. As long as there are people who want to jailbreak their phones or unlock and move them to a different GSM carrier, hackers will find a way to do it. To us, it appears that Apple is just trying to maintain and improve security for the iPhone platform, something that will benefit all iPhone owners.

For the last few days, some jailbroken iPhone users have found their home screen background a little different than they remembered. A hacker, going by the name "ikee," created a worm that changes the home screen background on jailbroken iPhones whose owners failed to change the default password after installing SSH. Simply jailbreaking your iPhone will not make you vulnerable to this sort of hack. The iPhone OS, in general, is also immune to this hack. Still confused? Let's back up a bit.

On jailbroken iPhones, SSH is installable with a package from Cydia that allows you to connect to your phone and make changes to the filesystem. It does this by logging into the root user with the password "alpine." After installing SSH, it is always recommended that you change "alpine" to the password of your choosing. This hack can only affect people who chose not to change that password -- no one else.

This hack originated in Australia, the home country of ikee, and has possibly spread to other iPhones in other countries, but we've been unable to verify that. A gentleman by the name of JD held an interview with the hacker over IRC and posted it to his blog. In ikee's own words, here's how the worm has spread:

...The code itself is set to firstly scan the 3G IP range the phone is on, then Optus/Vodafone/Telstra's IP Ranges (I think the reason Optus got hit so hard is because the other 2 are NAT'd) then a random 20 IP ranges. I'm guessing a few phones hit a range that another vulnerable phone was on.

Basically, once your phone is infected, the worm starts looking for other iPhones on the cellular network that use the root:alpine combination. Once it finds another vulnerable iPhone, it installs itself and begins the process again... and again... and again.

Luckily for the jailbreakers in the audience who may have been affected, there's really no harm done -- at least not with this version of the worm. According to the hacker, this was more of an experiment than anything else. The worm changes your background and then disables inbound SSH, which is a good thing. If SSH was left turned on, a similar worm could follow along but conceivably do much more damage. For instructions on how to delete this worm, read JD's interview with ikee. I would recommend reading the interview just for the information it presents; I found it pretty interesting. If you've got a jailbroken iPhone or iPod touch and you've never changed the default device password, now's the time. Here's how, if you are using terminal:

Type: ssh root@(iPhone IP address)
When prompted for the password type: alpine
Now you're connected the phone...
type: passwd
It should then prompt your for a new password -- type one that you'll remember. There's no easy way to reset it if you forget it.

That's it. Please remember to be responsibly secure with your devices. Hackers like ikee are troublesome, but this could have been much worse. While I don't personally condone his actions, he's prevented a lot of people from being vulnerable to more malicious attacks later down the road.

Thanks, James!

For the last several months, anyone who had updated to iPhone OS 3.1 or greater without following a pre-update procedure lost the unlock on their iPhones due to new software in the modem firmware or the baseband. Using the at+xemn crash as an injection point, iPhone hacker Geohot (of the original hardware unlock) was able to unlock the latest firmware on any iPhone.

What does this mean? The iPhone can be unlocked for any GSM carrier, allowing you to use it on more than your country's authorized carrier or other carriers as you're traveling abroad.

Geohot suggests that you update to a fresh copy of iPhone OS 3.1.2 directly from Apple before performing his unlock. He has all the instructions available on his site.

The iPhone is slowly making it's way around the world. In Canada, there are now four major carriers that support the device: Rogers, Fido, Telus and Bell. So how will Apple continue to stock and support the iPhone with that many carriers? That's where the story get's interesting.

According to iPhoneInCanada.ca, to make stocking and inventory easier, the iPhones in Apple's Canadian retail stores will arrive completely unlocked without any SIM card. Once a carrier is chosen and a SIM card is placed in the device, it will then be locked to that carrier. So what happens if you put in a SIM card from a carrier other than the four in Canada? The simple answer: we have no idea!

While we're not entirely sure what this means, it does present some interesting ideas. The Canadian iPhones could only recognize the four possible carrier's SIM cards, but may also be entirely unlocked. It'll be interesting to see how people that want to use the iPhone on unsupported carriers will take this news.

Oh, so tempting. Engadget and Slashgear link to this video from our friend Steven Troughton-Smith: Exposé-style app management running on a jailbroken iPhone. No, you can't download it anywhere yet; no, we don't know when it will be ready for prime time and available on the Cydia repo; no, we don't expect Apple to have anything similar in the pipeline for vanilla iPhone use.

But wouldn't it be nice?

The ever-determined band at iPhone Dev have updated their "PwnageTool" to include the 3.1.2 release of the iPhone software for iPhone 2G/3G/3GS and iPod Touch 1G/2G (note that the iPod touch 3G is NOT supported).

Jailbreaking, which is different than "unlocking", allows different applications to be run other than the ones available at the App Store, and also allows for some additional functionality such as background process for third party applications. I assume that those who are interested in jailbreaking are already familiar with it enough to know what the 'dangers' are.

For the idly curious, I highly recommend that you check out the webpage and think about whether you really need the functionality it offers. Notably, this will not allow for things like internet tethering on a carrier that doesn't officially support it. The iPhone Dev folks suggest that you remain at 3.0 until a hack for that is developed.

Dear Auntie T,

My father-in-law (long time reader) has the old original iPhone. He finally made the jump and got himself a brand new shiny 3G S. My mother in law wanted the old phone, and promptly took her SIM card out and popped it in the old phone. It should have worked. It did not.

It prompted her to connect to iTunes and then tried to get her to choose a data plan, which she didn't want. All she wants is the essential function of a cell phone with a nice iPod layered on top. Wifi would be nice. She couldn't be less interested in a data plan.

This used to be possible. Is it now not possible? A good friend of mine, somewhat recently did this very thing and had no problem whatsoever. He is happily chugging along with a data-free iPhone 3G. ATT is giving them grief over the phone and won't let her use the phone without a data plan, despite the fact that the iPhone, being the original one, is owned outright and is not subsidized in any way.

Love and kisses,

Lauren

Read on for Auntie's response....

Why didn't Apple think of this? SmartScreen lets you add widgets to your iPhone lock screen, providing an interactive dashboard experience whenever you wake up your device. The software is jailbreak-only (as you'd probably expect, given its standard system-defying functionality) and will be launched in November 2009. Widget developers are currently being accepted to an invitation-only beta program. Details for the beta program and the SmartScreen product are available at the media-phone web site.

Yes, this isn't the only lock-screen information system out there. Intelliscreen and LockInfo provide calendar and email updates. At the same time, SmartScreen offers a fresh new approach that's a worthy alternative. I really like the visual flair and paged presentation, and the ability to move widgets around via direct interaction.

[Thanks, pytey and Steve Streza]

Please join us this afternoon at 4:15 Eastern for a live chat with Jay "Saurik" Freeman. Jay is going to talk to us about Apple's new signature server and what that means to you as an iPod or iPhone owner.

Have you noticed a new message in iTunes when you restore an iPhone or iPod touch? "Verifying restore with Apple..."? iTunes is now checking your unit against a registered database and deciding whether to allow you to install your firmware or not. Potentially, Apple could disallow downgrades to previous firmware versions. According to Freeman, this move allows Apple to "recall existing firmwares by keeping people from restoring to them in the future. To do this they simply would refuse to ever sign, for example, iPhone OS 3.0 again."

Freeman will explain why this is a real problem to both the standard App Store community and to the jailbreak community. Join us with your questions.

The legendary Dev-Team has done it again. It just released the new version of the Pwnage Tool, a desktop application that's used to create custom firmware packages to jailbreak iPhones and iPod touches.

Jailbreaking is the act of modifying the official firmware in order to run applications not approved by Apple. Chief among those applications, at least for the iPhone crowd, is the SIM unlock that allows the phone to be used on unofficial cell phone service providers.

The Dev-Team has found holes in previous versions of the iPhone OS that allow this code modification and has developed tools to make exploitation easier for the average user to accomplish. Once implemented, the jailbreak process installs an app that acts an unofficial App Store of sorts. The iPhone or iPod touch user can browse and install games, utilities, themes, and general applications. Cydia, one of these installer apps, even has a store with applications for sale.

Traditionally, when Apple releases a new iPhone OS version, that software upgrade breaks any jailbreak and SIM unlock present on the device. And so, you end up with the cat-and-mouse game that Steve Jobs alluded to shortly after the first firmware loophole was exploited and the original iPhone was unlocked.

Well, the mouse has stolen the cheese once again, and the Pwnage Tool released today will jailbreak the latest firmware, version 3.1.*

The big asterisk at the end of that previous sentence is that the Tool will only work on about half of the devices that use the iPhone OS -- only the original iPhone, original iPod touch, and iPhone 3G. The iPod touch line just released, as well as the 2nd generation iPod touch and the iPhone 3GS, cannot be jailbroken at this time. That means if you've already upgraded to 3.1 on your 3GS, you still won't be able to SIM unlock it as of the time of this post.

So, if you want to SIM unlock your iPhone 3G or the original model, Pwnage Tool 3.1 should do the trick. On the 3G, you'll need to use Icy or Cydia to also install the ultrasn0w app that actually performs the software unlock; however the original iPhone should be unlocked without this additional step.

You will need a Mac to run Pwnage Tool 3.1, but a Windows version is expected in the near future. Also expected soon is redsn0w, for both Mac and Windows, that further simplifies the jailbreak process by avoiding the need to create a custom firmware package.

Keep in mind, if you've been waiting for a jailbreak solution before upgrading to the latest firmware, many users have had fairly substantial issues with iPhone 3.1. My fellow TUAW blogger, Josh Carr, has reported that lots of iPhones and iPod touches are working poorly after upgrading. You may wish to hold off and stick with 3.0 or 3.0.1 until a solution is found, either by Apple or some other group of smart people.

But, if you're so inclined, you may find links to download Pwnage Tool 3.1 on the Dev-Team's official blog. Make sure to read the instructions thoroughly, and take heed of all of the warnings. They are there for a reason.

We've talked before about ways to control a BitTorrent client from the iPhone, and some unofficial developers have gotten it working in a jailbroken way. But apparently that's as far as we'll get -- µMonitor, a little iPhone app to control µTorrent (a popular BitTorrent app that I use pretty often) was recently submitted to the App Store, and Torrentfreak reports that it's been rejected out of hand. This isn't the first time something like this has come up: Drivetrain, another torrent remote control tool, was also rejected back in May.

Apparently Apple tells the developer that they are disallowing all types of BitTorrent-related apps "because this category of applications is often used for the purpose of infringing third party rights." Often does not equal always, but technically that's another point: it's Apple's App Store, and they can take their ball and go home if they want. Torrentfreak claims that the myNZB app technically does the same thing (it basically controls a newsreader that can be used to download large numbers of files, possibly in violation of copyright), but it's the word "torrent" that Apple (and, likely, their content partners) have an issue with. Sure enough, a search of "torrent" on the App Store doesn't bring up anything related to the BitTorrent technology.

You can still run µTorrent on your iPhone, although you'll have to jailbreak it and dive into the Cydia repository, where it's listed under "Utilities." As for Apple's stance, I wouldn't hold your breath waiting for things to change on this one -- µTorrent isn't even an app that enables BitTorrent downloading; it just makes it easier (by accessing a client that's doing the work elsewhere), and if they aren't willing to pay heed to these distinctions now, it's not likely they'll bother in the future, either.