or Connect
AppleInsider › Forums › Mobile › iPhone › Malicious worm attacks, steals data from jailbroken iPhones
New Posts  All Forums:Forum Nav:

Malicious worm attacks, steals data from jailbroken iPhones - Page 2

post #41 of 63
Quote:
Originally Posted by Gazoobee View Post

It's like giving loaded handguns to children to play with but telling them not to point it at their friends and thinking you've done your job.

No, it's like handing an adult a Windows XP box without antivirus and telling them to get a decent antivirus and avoid going to porn sites. Do they listen about the antivirus? No. Do they go to porn sites anyway? Yep. Crash and burn.

People who have iPhones aren't presumably children, for the most part. Your logic that people don't/didn't know what they are doing is nonsense. They chose not to read the whole instruction manual.
If they knew enough to find the jailbreak applications and read the forums and such on how to do it, is it too much to ask of them to fully read the instructions and warnings?
post #42 of 63
Quote:
Originally Posted by chronster View Post

Actually I spray painted camo on my DVD player and my comcast DVR UI has the Timesquare color theme! jk

but seriously, I could see Apple someday releasing an update that lets you theme the UI with different icons, colors, wallpapers, and even animation between screens. It's probably at the bottom of their todo list since it's not vital functionality, but it's definitely something everyone would enjoy a lot.

Maybe back in OS9 days! I doubt Apple will relinquish control to users...
post #43 of 63
Quote:
Originally Posted by chronster View Post

Actually I spray painted camo on my DVD player and my comcast DVR UI has the Timesquare color theme! jk

but seriously, I could see Apple someday releasing an update that lets you theme the UI with different icons, colors, wallpapers, and even animation between screens. It's probably at the bottom of their todo list since it's not vital functionality, but it's definitely something everyone would enjoy a lot.

Seriously? In 9 years of OS X, they haven't managed to get that functionality onto their computers. What gives you the impression it's coming for the phones anytime soon?
post #44 of 63
I guess jailbreakers were fortunate this time, because both outbreaks were targeted and limited in scope at their onset, although infected devices may be acquiring fresh orders and evolving as you read this, placing you at risk, among other things, of:

10) Having your voice recorded, your picture taken and your location identified, so they know everything necessary -when you add all of your contact data- to do some nasty scamming on you or your family. Ever heard of virtual kidnappings? They could do it from as far as Nigeria.

9) Having your personal pictures posted on the "wrong side" of the web.

8) Some pretty hefty phone bills with dozens of 1-900 calls to shady places.

7) Having your phone calls intervened, so now they know all the nitty gritty details needed for some black-mailing.

6) Having your incoming calls redirected to anywhere in the world; for pranks (to the police station, sex shop, somewhere in China etc), for scams (to your "other me"), for gain (to a 900 number), for pain (to some nasty greeting message).

5) Having your outgoing calls redirected, either to the same places as mentioned above, or to some random choice from your own contacts list. Not pleasant at all.

4) Having your battery drained on purpose.

3) Having your phone perform DOS attacks or any other type of high volume broadcasting which will in the end get you kicked off the cellular network.

2) Having your phone cloned.

1) Having your iPhone bricked beyond repair.

I guess Apple is right in considering the phone more sensitive than the desktop.
post #45 of 63
Quote:
Originally Posted by jz1492 View Post

I guess jailbreakers were fortunate this time, because both outbreaks were targeted and limited in scope at their onset,

Very limited. Only jailbreaks who have installed SSH and have failed to change their password. I can’t imagine this is a common, especially now after weeks of media on the subject.

Quote:
1) Having your iPhone bricked beyond repair

It’s not possible from root access. Never seen an iPhone that can’t be restored.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #46 of 63
Quote:
Originally Posted by solipsism View Post

...Its not possible from root access. Never seen an iPhone that cant be restored.

Maybe because it's never been actually tried. The jailbreaker community had been 100% constructive until the rickastley worm.

Are you willing to bet it is not possible? Any communication with the iPhone is firmware dependent. You need at least that part intact to restore.
post #47 of 63
Quote:
Originally Posted by jglavin View Post

Serves them right for not changing their root password. That's just opening a can of worms right there.

It's not just the default password that is the problem.

Jailbroken iphones are less likely to be updated with the latest iphone firmware --- and most of the security vulnerabilities are going to be in the web browser. Even in the best circumstances, Apple is fixing these iphone web browser vulnerabilitiies months behind the desktop counterpart.
post #48 of 63
Quote:
Originally Posted by jz1492 View Post

Maybe because it's never been actually tried. The jailbreaker community had been 100% constructive until the rickastley worm.

Are you willing to bet it is not possible? Any communication with the iPhone is firmware dependent. You need at least that part intact to restore.

Yes, I am willing to bet. In part because I know that the iPhone has ROM (read-only) which will always allow for the restoring of the firmware. So unless there's a physical hack to disable this, you're safe from true bricking.

And, as a bet, it's something that pays off. I would value my jailbroken iPhone at about 2-3x the value of what the iPhone would be worth to me if I couldn't jailbreak it. The benefits are that significant.

As far as the rest of the security issues and problems mentioned earlier...

There's been a lot of misinformation here. Jailbreaking an iPhone can *increase* security. It's likely to do exactly that for people who aren't idiots *and* don't ignore clear instructions as well as warning posted on all the sites where jailbreaking info is given.

Every iPhone comes with the same exact root and mobile user passwords. If your iPhone isn't jailbroken, I know your root and mobile user password. The only way to change these passwords is by jailbreaking. This means that if someone gets physical access to your iPhone, they can get access to all your data, even if you've pin-protected it. The passwords to your iPhone are known. Nobody knows my iPhone's passwords but me.

And other alleged problems with jailbroken iPhone...battery life, crashing, etc... Sorry, but there too jailbreaking provides tools that can improve upon the original. Sure, just like an idiot can abuse SSH and make their iPhone less secure (just like they can with any other computer), a user can do things like install software that runs in the background 24/7. But that's now their choice, however additional choices have meant that there were tools that at various times have helped solve issues native in the iPhone OS.
post #49 of 63
Quote:
Originally Posted by Abster2core View Post

Not really

I would in fact suggest that you get less functionality overall. Those that don't jail-brake their phones and update their OSs get more functionality than those that jail brake just to get a couple of apps to brag about.

And from what I have witnessed in my classes, those that do jail break are missing a lot. Invariably, it is shown that the original need has been negated and the increased functionalities and improvements seen with each update isn't worth the trouble and aggrivation.

However, this is not to say that everybody should stop. Actually, jailbroken apps are of most interest by legitimate developers. The reasons should be obvious.

What you wrote makes no sense whatsoever. The latest version of the iPhone OS is 3.1.2. You can jailbreak 3.1.2, so what exactly is the functionality that non-jailbroken users get that jailbroken ones don't get? And, every previous version of the iPhone OS was jailbreakable as well, so I'm at a loss as to how multitasking, customization, app folders, a control panel dashboard, music sharing, and all the other features possible only by jailbreaking somehow result in less functionality considering they're all optional.
post #50 of 63
Quote:
Originally Posted by iGenius View Post

The average computer user is not an idiot. It is possible that the average Mac user does not fit this profile, but personally, I doubt it.

If an idiot does stuff with the innards of his computer which he does not understand, he is likely to have all sorts of problems. But this is not a good reason to lock down devices intended for average folks. It is telling that the iPhone is locked down. It appears that it is a device intended for idiots, rather than average computer users. Appearances can be deceiving, however.

Here's a clue: If you don't know what the heck you are doing, don't take chances screwing around with basic low level stuff on your computer. Buy a Mac, and leave all the (few) settings at the default value. Only install software from Fortune 500 companies, and even then, prepare for confusion.

Here's another clue: If you don't now anything about cars, don't go under the hood and try to replace stock parts with high-performance parts. If you don't know anything about photography, buy a point-and-shoot camera and leave it on the "automatic" setting. If you don't know anything about boats, stay close to shore. You get the point...

I thought it was pretty clear that I was using the term "idiot" in a sort of colloquial sense. And you should have stuck with your instincts in the first paragraph and not implied that mac users were idiots as you do in the third paragraph.

I think you've missed my point overall.

Using your car analogy, If you buy a car that performs well, but has a "fix" that doesn't allow some minor function that you would like, for example it won't do fourth gear or something...

The "jailbreaker" in that scenario is a guy that says he can replace the whole motor almost instantaneously, for free, and that it will do double the speed and have all kinds of other benefits that you don't really understand. You agree, because everyone else is doing it and it's free, and it takes less than a few minutes to do. He hands you a piece of paper that essentially says there's no absolute guarantee, but you don't really read it or care, because .. everyone's doing it, and let's face it, you're getting the equivalent of a Mazaratti for free.

You have also read lots of articles in the paper recently about how cool this modification is, how "all the smart folks are doing it," and how lovely it is to drive the super fast car for free. There are even indications that you could get free fuel for it (apps) if you go to the right shady garages.

If that car later blows up or stops or has some other issues, your warranty is void and it's basically your fault for doing the stupid thing in the first place. But my argument is that the guy "selling" the modification, and all those involved in pushing it as a "good thing" share a portion of the blame.

In legal terms (IANAL), this is known as an "attractive nuisance" and it is illegal for good reason.

The usual example of an attractive nuisance is that you can't put a guillotine in your front yard even with a big sign saying "Danger! stay away from this head chopping machine." Even though it's your property, even though the machine is clearly labelled with warning signs, and even though the person has to trespass on your property and step around a barrier or a warning sign, you are still responsible for leaving it out and will be charged with manslaughter if anyone uses it.

They are stupid of course, it's their fault of course, but it's also the owner of the guillotine's fault for putting it out there in the open in an enticing fashion.
post #51 of 63
Quote:
Originally Posted by technohermit View Post

No, it's like handing an adult a Windows XP box without antivirus and telling them to get a decent antivirus and avoid going to porn sites. Do they listen about the antivirus? No. Do they go to porn sites anyway? Yep. Crash and burn.

People who have iPhones aren't presumably children, for the most part. Your logic that people don't/didn't know what they are doing is nonsense. They chose not to read the whole instruction manual.
If they knew enough to find the jailbreak applications and read the forums and such on how to do it, is it too much to ask of them to fully read the instructions and warnings?

I'm not arguing that at all.

I'm saying that the iPhone is a consumer item like a VCR, and that the users are not necessarily and not typically "computer users" or "techies" or anything close to that. The iPhone is technically a computer, but so is everything nowadays. You car is a computer (or has several in it), as does almost every consumer product.

It's not an issue of computer users making an informed choice about software.

The jail-breaking methods are a single click on a website in some cases, there are "shops" in my town set up to jailbreak the things for you. There is no hacking knowledge required.

When you combine users who have no knowledge of the internal operation of the device (the average iPhone user), and jailbreaking provided as a free idiot proof service, it's that point at which some serious danger appears.

What I'm saying is that those promoting it for themselves in the interests of so-called electronic freedom and other windy arguments, are not seeing the effects their promotion is having on the average user, who isn't computer savy, doesn't care about electronic freedom, and just wants a cool wallpaper or free apps.

The jailbreakers have a very logical argument for doing what they do, it just doesn't hold any water in the real world of consumer mobiles, and it's a bit facile of them to ignore the problems they are undoubtedly creating. People are all different, what's good for a techie is not necessarily good for the average consumer, and there is a whole social side to the argument that's being completely ignored by those promoting the jailbreaking.

This is also logical, in that if you take the social side of it into consideration, all of a sudden the jailbreakers don't look so noble anymore.
post #52 of 63
Isn't it awesome living in a world with no personal responsibility! It's so great. Now we have locked down TV, computers, cars, phones, etc.

We have laws for 300+ million because 1 guy had to be stupid. We live in a dictatorship, why would you expect anything other to come from the companies that fund our dictatorship gov.
[center] "Hey look, it's in the center. I am SO cool!"[/center]
Reply
[center] "Hey look, it's in the center. I am SO cool!"[/center]
Reply
post #53 of 63
Quote:
Originally Posted by technohermit View Post

Seriously? In 9 years of OS X, they haven't managed to get that functionality onto their computers. What gives you the impression it's coming for the phones anytime soon?

I wonder why that is. You'd think a company who's motto is to "Think differently" wouldn't stifle creativity in this regard.
post #54 of 63
Quote:
Originally Posted by 1966goat View Post

This is ridiculous.

People who jailbreak software does not automatically install SSH on the phone. You have to install openSSH from Cydia, and anyone who does download something like openSSH needs to understand how it works before they do it.

No, not every person out there downloads SSH. Yes, jailbroken iphones have MUCH more functionality than iphones - remember when you didn't have copy/paste, picture messaging, or phone search? I did. Oh, and I can access my filesystem anytime i want.

Exactly. Ignorance abounds in these forums when someone is perceived as crossing Apple in some way. It's pretty sad actually, but you get used to it. I also suspect some of these pontificating dolts simply can't figure out how to jailbreak on their own, or don't have the balls.
post #55 of 63
You have to install SSH from Cydia, do you?

So you can't have it automatically installed at a "honeypot" site which specialises in attracting n00bs who'll pay to jailbreak their iPhone.

Cydia is irrelevant, the Dev team is irrelevant, they have less control than Apple, they aren't even at the forefront of jailbreaking anymore.

Quote:
Originally Posted by 1966goat View Post

This is ridiculous.

People who jailbreak software does not automatically install SSH on the phone. You have to install openSSH from Cydia, and anyone who does download something like openSSH needs to understand how it works before they do it.

No, not every person out there downloads SSH. Yes, jailbroken iphones have MUCH more functionality than iphones - remember when you didn't have copy/paste, picture messaging, or phone search? I did. Oh, and I can access my filesystem anytime i want.
A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this...
Reply
A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this...
Reply
post #56 of 63
Quote:
Originally Posted by Wiggin View Post

Then again OS X doesn't come with a default password that you need to know to change!

That's the danger of creating automated jailbreaks that allow people who don't know that they are doing to expose themselves to these risks.

If the iPhone is also Jail-broken from the manufacturer, as is Mac OS X, it can come with no default password as it is on Mac OS X, don't you think ?

I really don't get why so many people say "open" iPhone is such a vulnerability, where open Mac is not. If iPhone is open from manufacturer, it would get security updates, so this point is moot, too.
post #57 of 63
Quote:
Originally Posted by macslut View Post

Yes, I am willing to bet. In part because I know that the iPhone has ROM (read-only) which will always allow for the restoring of the firmware. So unless there's a physical hack to disable this, you're safe from true bricking...

The boot ROM is actually faster executable NOR flash memory, not masked ROM. The jailbreakers modify it so the bootloader may accept unsigned, jailbroken firmware.

Don't bet the farm
post #58 of 63
Quote:
Originally Posted by jz1492 View Post

The boot ROM is actually faster executable NOR flash memory, not masked ROM. The jailbreakers modify it so the bootloader may accept unsigned, jailbroken firmware.

Don't bet the farm

I'm not. I'm betting the price of one iPhone. The payoff is an iPhone that has 2-3x the value. I don't know how many of the millions of 1st, 2nd and 3rd generation iPhones have been jailbroken, but considering not 1 true bricking, I've got to like those odds.
post #59 of 63
You get what you messed up with. Use it the way it was made to function or pay the consequences.
It is as simple as that.
post #60 of 63
Quote:
Originally Posted by OC4Theo View Post

You get what you messed up with. Use it the way it was made to function or pay the consequences.
It is as simple as that.

YOU TELL 'EM!
post #61 of 63
Quote:
Originally Posted by Masterz1337 View Post

Have you heard, Jailbreaking your Phone also increases your risk of cancer too.

Those things you listed are grossly exaggerated, and most of those are no brainers

thing is that Apple has seen and gotten grief for all the listed items. And enough that it fact they aren't no brainers to all and needed to be spelled out. Just like they flat say if you unlock or jailbreak your phone good bye warranty on any issue.
post #62 of 63
Quote:
Originally Posted by Brainless View Post

Repeat again what has been said in another forum. It is interesting to see that Mac OS X comes "jailbroken" from the manufacturer, and no one claims it is a security risks...SNIP...There is nothing wrong with Jail break.

Exactly. This is one of the worst pieces of propaganda I've read since I was sent to Guantanamo.
post #63 of 63
How are the two things related? The jailbroken phones rely on a hole that Apple has since fixed. If Apple was more liberal in the applications it supported, for many, there would be little reason to jail break the phone. For instance, why does Apple get to tell me whether or not I can download an application that let's me shake a baby? I own the phone.

Quote:
Originally Posted by krreagan View Post

This illustrates a very good reason why Apple keeps a tight lock on the iPhone. If this happened to a "locked" iPhone could you imagine the crap that Apple would take!

If you jailbreak your phone you are on your own!

I'm sure Apple will still take some shit for this because some do not understand the vulnerable and think all iPhones are susceptible, or just think that Apple is responsible for anything and everything regardless if the phone is jail-broken.

KRR
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Malicious worm attacks, steals data from jailbroken iPhones