I have no idea what I'm doing.

Monday, November 9, 2009

iPhone is the new Windows: Worms, Viruses, and Trojans

New article on tuaw.com:Worm rickrolls unsecured jailbroken iPhones via SSH

If you have a jail broken iphone, and you didn't change the default SSH password, you're vulnerable.  But let's say you did change your password, are you safe?  How long before someone adds a dictionary attack to the worm, and starts searching for weak passwords?  That's one of the methods that the Conficker work spread.  I'm amazed at how many people have a password of '12345'.  Is this Apple's fault?  or Microsoft's fault?  Who will get the blame for this particular worm: the jail breakers? ikee? Cydia?

And if it's not SSH then it's SMS; Apple patching nasty iPhone SMS vulnerability
And if it's not SMS then it's Safari;  iPhone Flaw Lets Hackers Take Over
And if it's not Safari...

So is it as bad as Windows?  Not until the iPhone/OSX reaches the mass market... oh wait, has that happened?

On the Windows side if you find an exploit, say RPC vulnerability, how many machines can you hit?  The tools are easy to come by, the data you can steal is valuable, and the targets are everywhere.

No comments:

Post a Comment