Jailbreakers Who Don't Change SSH Password -- There's a Rickroll for That

img0122-1257646906

For iPhone Jailbreakers using SSH to access their devices, but who haven't changed their password from the default, getting Rickrolled by a worm may be annoying, no worse than getting held for ransom by a hacker, but it's a sign that far more insidious and malicious attacks are possible -- so change those passwords now!

Back to the Rickroll. TUAW reports:

A hacker, going by the name "ikee," created a worm that changes the home screen background on jailbroken iPhones whose owners failed to change the default password after installing SSH.

And the new background is, of course, Rick Astley. While removal details are included in an interview with the hacker, it's better to be safe than sorry. So, check our iMuggle's tutorial on how to change your SSH password, and change it right away.

Rene Ritchie

Editor-in-Chief of iMore, co-host of Iterate, Debug, Review, The TV Show, Vector, ZEN & TECH, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.

More Posts

 

0
loading...
1
loading...
0
loading...
0
loading...

← Previously

Apple Issues Apple TV 3.0.1 Update to Fix Disappearing Content Bug

Next up →

iPhone 3G/3GS to be Sold at The Shack

There are 30 comments. Add yours.

Stephman says:

You're just as lame as getting Rickrolled!

Joe McG says:

Why would a developer waste their time doing this. Sad little loser...

Justin says:

@Joe
Why would you waste your time commenting on a "sad little loser"? Its basically just promoting security, and informing those that susceptible to fix their hole.

Rob says:

@ Joe mcg
cause it's effing hilarious. If that happened to me, and I just suddenly had Rick Astly as my background, I would die laughing.........and then immediatly change my password

Ben Gillam says:

Congrats Pablo, your a jerk!
On topic, this is quite scary and as JD says it would be beest if pwnagetool/redsn0w/blackrain or hell even cydia forced a password reset.

Waffles says:

I think it's great that the hackers currently exploiting this lack of security seem to have a great sense of humor about it. @Ben Gillam that isn't a bad idea, Cydia would be in a great position to vocally recommend people to change their passwords. I know that while I always have my SSH off, I never changed it's default password until the hijack was reported last week. The awareness is working!

fastlane says:

Cool, I've been searching all over for a good Rick Astley wallpaper. I'm changing my password back to alpine now.

Dick Ghastley says:

...LOL @ Fastlane...maybe I'm too tired but, your comment induced a 15 minute laughing spree during which I almost choked to death...thanks, man, you made my day. Rick mutha freakin' Astley...LMAO.

Oboewan says:

Speaking of root passwords, I installed Ubuntu the other day using Wubi, and Wubi refuses to allow you to install without setting up a root password.

BeeRad says:

So does this mean you guys need an anti-virus suite installed? Hehehe

RON JEREMY says:

RON JEREMY SAYS ALL YOU QUEENS HATING ON PABLO ARE JUST JEALOUS. RON JEREMY SAYS STOP THE HATE.

Michael Denney says:

Pretty funny if you ask me... I think it's a good way to point out the issue without causing any real damage.
Realistically the person could have done much more insidious things.

Mange says:

MADNESS! Iphone sends personel information to the developers of certain apps.
Click my name and check the full story!!!!!

Joseph says:

Sorry for asking... What is SSH??
TIA

Joseph says:

Ok. Found this on tiib
So, what’s SSH?
The first thing you would like to know is what SSH is. SSH stands for secure shell that is commonly used in Unix/Linux environment. You can use SSH to access a remote a computer and execute commands from another machine that may be miles away. Additionally, you can use it to transfer files to the remote computer, just like FTP. I’m not going to dig deep and throw out all the technical details about SSH. But just remember, SSH is a tool that lets you access machine or devices remotely. Here, the device is your iPhone.

plugtwo says:

Count me in as thinking it's hilarious. But I wonder, why has it taken people so long to decide to do this crazy simple hack? Jailbreak has been around for over 2 years! Maybe it's just certain European providers where the 3G smartphones all show up in a particular IP range accepting incoming SSH connections?

icebike says:

One wonders if Apple isn't silently cheering. Maybe sending money.

Thor e says:

Wow. The iphone weaknesses keep coming out of the woodwork. I'd just avoid the thing all together. Too much suckage.
Congrats on being the first smartphone with a virus.

Greyscale says:

iPhone isn't the first smartphone to have a virus, Symbian has had them ages.

Therealtruth says:

@Thor E
how is this an iPhone weakness? This affects people who jailbreak their devices, something apple clearly does not endorse.

PhorZ says:

At least ikee didnt change everyones ring tone to 'Never Gonna Give You Up'.... Now THAT would have been a horrible hack.

bergman says:

Will changing the SSH PW impact future Jailbreaking or installation of any JB apps? Do any of these need the root PW to install?
Simple tutorial and very easy to change by the way.

Joffa says:

Ok, so i've been rickrolled! Not funny when it happens to you. So can anyone point me in the right direction to get this removed, I have changed my root PW and it is still there, need help pls.

iPhone Apps Developer says:

Me pointing out that mobileterminal doesnt work on 3.1.2 serves the purpose to let others know who are running that firmware not to think there is a problem. I tried to boot up MT a dozen times and it would always crash and made the effort to find a fix to realize it doesnt work on 3.1.2.

Facebook Developers says:

First u tell what is jail break password and why they waste their important time on that such things.

Macanudo Cigars says:

I am agree! why people waste time.i am also asking same question as ask by Face book Developers.what is jail break?

Facebook Application Development says:

i think it is somewhat like data hacking but not understand little.

Heather williams says:

fantabulous post .. thanks for sharing ..... :)

bbrian017 says:

I haven't been able to get terminal to launch since 3.1.4 on my 3G Since I have my iphone 4 terminal doesn't even work... Terminal keeps crashing and I can't even change the password.

Dick Ghastley says:

Reason #4782 to not get an iPhone.
Personally, HTC is my favorite company. Anything but Apple. I'm an adult, I already have parents and I don't appreciate the short leash Apple and almost all cellular networks throw around my neck by restricting or flat out denying me the right to do whatever the hell I want with or to my 600+ dollar phone/gadget...besides, Apple is overpriced, overrated and disgustingly trendy...85% of iPhone owners don't use all the phones features...also, if you want to video call/conference one or more friends, everyone must use Facetime, meaning EACH of you MUST have an iPhone 4...something fishy going on...