Jail-broken iPhones compromised by virus

Created by hasan.kamal under iPhone

Almost as a foreboding of the problems to come; jail-broken iPhones are now vulnerable to a new virus that installs itself through a default password in the SSH and remotely sending all data stored on iPhones. Yet again this is another feather in the cap of Apple who has been stating that jail-broken iPhones are illegal and ultimately will not be responsible for damages incurred.

This recent exploit is frightening since the SSH client’s default password is known to the virus developers and many people are not excessively comfortable tweaking with their iPhones. By the time users are comfortable with tweaking their iPhones, a massive amount of sensitive data may be collected without users knowing. The irony of this situation is that many international customers who have jail-broken their iPhones are at risk as well; further driving home Apple’s point of not using jail-broken iPhones.

The fix to the virus is very straightforward, it requires a simple change of password of the SSH client to anything besides the default password. Although a very straight forward fix, it also raises an interesting junction for Apple. The massive popularity of the iPhone has driven up profit margins for Apple; a significant portion of this chunk is attributed to the international market.

Apple’s actions here can dictate loyalty to a potentially massive customer segment that would switch to legal iPhones rather than jail-broken devices. A software update to patch this problem would remind customers that they should always purchase legal devices with a friendly warning. This would be similar to a gentle slap on the hand to consumers, and may increase the loyalty and brand image of Apple amongst users.

A draconian approach would be let the jail-broken devices accessed by the virus allowing data thieves to run amok while emphasizing the heavy-handedness of Apple. Harsh in nature, it would certainly highlight the need to purchase Apple-endorsed iPhones. It seems likely that Apple will attempt to resolve the issue amicably for all iPhone users, but the potential for such action does exist.

The secondary focus of this situation is the re-emphasis on the security of the iPhone. Although the virus only affects jail-broken devices, it does not bode well for the iPhone platform. Considering the number of users on the iPhone and the numerous micro-transactions that occur thanks to unlimited data plans and the App Store, a sizable amount of financial and identity-related data is available on iPhones. Maintaining the integrity of the data is paramount.

Although Apple has a growing share in the smartphone OS, it does not mean the entire Apple product line is vulnerable to malicious attacks. Mac OS X does have an anti-virus program, VirusBarrier X5, emphasizing the need for protection against malicious attacks. There is a need to secure the platform regardless of the legitimacy of iPhones or not. With the competition heating up on all fronts, including Android, webOS, BlackBerry and Windows Mobile; any flaw in the iPhone OS will be highlighted and emphasized.

Has anyone experienced the Australian version of the “Rick-Roll” for their iPhone? Other jail-broken iPhone users should immediately change their SSH passwords to prevent malicious attacks. Let us know what you’re thinking, leave a comment below.