The iPhone “worm” story that’s been floating around in two iterations is funny.
Update: The “worm” is apparently an actual worm, since it installs code to spread to other iPhones. I was under the impression that the only part of this that touched the device was the SSH login used to upload a new wallpaper, because I had heard nothing about how it spread, and the attack could be explained as nothing more than an automated SSH session. Most of the rest of this post is therefore probably wrong, but it will remain published.
Since I wasn’t affected by the worm, I don’t know whether the installation exploited a security hole, nor whether (if it did) the hole was there in Apple’s stack, made worse by the jailbreak, added by the jailbreak or added or made worse by packages installed in Cydia or Installer.
For example, would copying over a program that replaced Springboard, the hub application, with a version that calls the attack code be an exploit? The whole point of the jailbreak is to willingly opt out of the checks on application integrity in order to change the environment. If this is a security concern, it stands to reason that it remains one whether or not it is being taken advantage of, and whether or not it is being taken advantage of for ill or for good. (And certainly, Apple could have chosen a smarter way to integrate their approach to security that would have allowed for smarter opt-in modifications and protected against this kind of side-loaded modification; that’s exactly what I’ve been calling for for years.) Knowing those answers would be relevant to the points I tried to make, but I don’t, and I don’t want to speculate further. I just want to show that there’s still a discussion to be had around this point, beyond me getting some of the facts painfully wrong.
I regret the error.
The original post continues:
First, the basics:
- The “worm” doesn’t exploit a technical shortcoming in any one component of the iPhone.
- The “worm” is, in its entirety, someone uploading an image file through a legitimate SSH connection (no expired certificates or man-in-the-middle connections or similar funny business) and changing the iPhone wallpaper.
- The two iterations of the “worm” are two different wallpapers; one with a phony alert saying that the device has been hacked and one with Rick Astley and some similar text, proclaiming a rickroll.
- Someone is able to do this because the owner jailbroke their iPhone, installed SSH and didn’t change the default password.
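The post describes the intrusion as an ordinary SSH login with the default password, so the place a defender would look is the SSH daemon's own log. The script below is an added example, not code from the post: it parses OpenSSH's standard "Accepted ... for USER from IP" syslog lines, flags root logins from addresses outside a trusted set, and flags bursts of sessions from one source, which is what an automated client looks like. The log lines are constructed, and whether the device's sshd actually logs to syslog in this format is an assumption.

```python
import re
from datetime import datetime

# Constructed sample lines in OpenSSH's syslog format; not real logs from any device.
SAMPLE_LOG = """\
Nov  8 21:14:02 iphone sshd[312]: Accepted password for root from 192.168.1.20 port 52011 ssh2
Nov  8 21:14:03 iphone sshd[312]: Received disconnect from 192.168.1.20: 11: disconnected by user
Nov  8 22:40:17 iphone sshd[330]: Accepted password for root from 10.12.4.77 port 41002 ssh2
Nov  8 22:40:18 iphone sshd[333]: Accepted password for root from 10.12.4.77 port 41003 ssh2
Nov  8 22:40:18 iphone sshd[336]: Accepted password for root from 10.12.4.77 port 41004 ssh2
Nov  8 22:40:19 iphone sshd[339]: Accepted password for mobile from 10.12.4.77 port 41005 ssh2
"""

# Matches the successful-login line OpenSSH writes for password and key logins.
ACCEPTED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                      r"Accepted \w+ for (\S+) from (\S+) port \d+ ssh2")


def parse_accepted(log_text, year=2009):
    """Return (timestamp, user, source_ip) for each successful login in the log.
    syslog lines carry no year, so the caller supplies it."""
    events = []
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    return events


def find_suspicious_logins(events, trusted_sources, burst_window_s=60, burst_threshold=3):
    """Flag root logins from untrusted addresses, and any source that opened
    burst_threshold or more sessions within burst_window_s seconds."""
    findings = []
    per_source = {}
    for ts, user, src in events:
        if user == "root" and src not in trusted_sources:
            findings.append(f"root login from untrusted source {src} at {ts:%H:%M:%S}")
        per_source.setdefault(src, []).append(ts)
    for src, times in per_source.items():
        times.sort()
        for i in range(len(times) - burst_threshold + 1):
            if (times[i + burst_threshold - 1] - times[i]).total_seconds() <= burst_window_s:
                findings.append(f"burst: {burst_threshold}+ logins from {src} within {burst_window_s}s")
                break  # one burst finding per source is enough
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_logins(parse_accepted(SAMPLE_LOG), {"192.168.1.20"}):
        print(finding)
```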
Apple’s argument — the one they make publicly and makes them look like slightly less assholes — is that “if we didn’t close down the iPhone to the extent that we did, people could break in”. At a glance, this argument is seemingly verified by some of the facts involved: the devices involved have poor security and have been jailbroken.
That argument is bullshit, and it’s invalid. It’s as treacherous as arguing that living in a really poor country cures osteoporosis because a much smaller percentage of the population gets it. In a nutshell: the chances may be much lower, but only because the enabling conditions, which in themselves are very useful and functional, aren’t there to begin with.
It’s not like the iPhone doesn’t have security flaws. These security flaws are exploited in clever ways to allow for the jailbreaking to be bootstrapped to begin with. Once jailbroken, the way the worm enters is through piss-poor security; an SSH setup in Apple’s own firmware with the same poor and widely known default password would be just as bad.
The only fault of the jailbreaking community is not to require that a password be set when the SSH package is installed, which would design the problem out of existence in the first place; but user education is at least attempted, since every SSH package I’ve seen comes with clear instructions to change the password post haste.
The “worm” is not only harmless, but not actually a worm since no code is ever executed on the device (as far as I can tell; the actions are technically possible just by uploading two files: the new wallpaper and a new settings plist for Springboard). Apple, by not allowing for the flexible application development that jailbreak application developers seek, has its fair share of what little blame needs to go around.
The only actual security flaws exploited are within Apple’s stack, and those are the ones exploited for the jailbreak to be installed. The rest is poor security policy on the part of the user, which can’t be circumvented in any case. Not even by Apple’s totalitarian effort.
The upshot is that Apple’s effort to make the iPhone secure from things like worms by locking them down made them susceptible to things ‘like’ worms as soon as people tried to pry them open again.
Um, no, Apple don’t install an ssh daemon by default, the jailbreak process does that. It’s completely unreasonable to say this is a problem in “Apple’s stack”.
By Jeff Laing · 2009.11.09 03:40
“Um, no”, jailbreaking does not install an SSH daemon by default. It’s a package. It’s opt-in. At least it was the last time I did so; I’ll admit that I haven’t jailbroken since 3.0.
I think you’re misunderstanding what I’m saying. I said very clearly that there were two security problems happening: one was technical and one was, for lack of a better word, philosophical. The technical flaw is the one that’s in Apple’s stack, that allows for the jailbreak at all. The philosophical one is for people to enable SSH and leave the settings in an insecure state, and you can do this in any system.
My point is this: for all of Apple’s hoopla about security, the facts are that the only technical security flaw is in their stack, not in the jailbreak. Only the spread is jailbreak-specific.
By Jesper · 2009.11.09 07:52
Just wanted to point out that the worm actually does execute code on the infected phones. It uses the infected phone to scan IP ranges in order to find new vulnerable iPhones to infect.
By Jonatan Kronqvist · 2009.11.09 20:24
That changes the equation a bit. I’ve updated the post. I’d like to think that I’m above such factual errors, and I’m pretty sure that no article available at the time that I’d read detailed that the worm actually spread by way of code running on the device itself (which a worm should do), but I was factually wrong either way, and I shouldn’t have been.
That said, I still think that Apple created the market for the worm by making jailbreaking a technical necessity for running certain kinds of applications.
By Jesper · 2009.11.09 23:46