Warning: Your iPhone is Under Attack! Here Are Instructions on How to Get Maximum Protection

Nov 26, 2009

Let’s be honest, the iPhone has had a pretty long run without being the target of hackers and it’s about time it gets its share of viruses and worms.

A few weeks ago, I wrote an article showing you how to protect your iPhone against hackers. But what happens if you have already been infected? What are the symptoms, and how do you get rid of the infection?

In this article, I will show you how to figure out which worm (if any) has infected your iPhone, and how to get rid of it while making sure it never comes back.

This information was first compiled by Patrick Miller of PC World, and I adapted it for the purpose of this article.

Ikee

Ikee was the first virus to target the iPhone. The symptoms are pretty clear: it changes your wallpaper to a picture of Rick Astley. So if you see a picture of a young man with the words “ikee is never gonna give you up”, then look no further, you have been infected by the Ikee worm.

Thankfully, getting rid of Ikee is pretty simple. First you will have to download and install MobileTerminal from Cydia and reboot your iPhone. Then launch MobileTerminal and log in to the root account with your username and password. If you haven’t changed it yet (and you should), your username is “root” and your password is “alpine”.

Now run these commands. Everything is case sensitive, so be very careful.

rm /bin/poc-bbot
rm /bin/sshpass
rm /var/log/youcanbeclosertogod.jpg
rm /var/mobile/LockBackground.jpg
rm /System/Library/LaunchDaemons/com.ikey.bbot.plist
rm /var/lock/bbot.lock

These commands sometimes don’t work. That means you are infected by an alternate version of Ikee. If that’s the case, follow these commands instead:

rm /usr/libexec/cydia/startup
rm /usr/libexec/cydia/startup.so
rm /usr/libexec/cydia/startup-helper
rm /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist

Note that if you have to remove the 4 files above, you will have to reinstall Cydia.
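
The first removal list above as a script, added here as an example (it is not from the original article or from PC World): it reports which of those Ikee files exist and removes only those, so an error means a real failure rather than a file that was never there. The function names and the `ROOT` prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article. Checks for the Ikee files the article
# lists and removes only those that exist, so a failed rm is a real failure.
# Assumption: ROOT is a path prefix (empty for the live device) so the same
# check can run against a copied or mounted filesystem.

IKEE_FILES="/bin/poc-bbot
/bin/sshpass
/var/log/youcanbeclosertogod.jpg
/var/mobile/LockBackground.jpg
/System/Library/LaunchDaemons/com.ikey.bbot.plist
/var/lock/bbot.lock"

# The article's second list is deliberately not scanned: removing those files
# means reinstalling Cydia, so their presence alone is not treated as a sign.

# Print every listed file that exists under ROOT, one per line.
ikee_scan() {
    root=$1
    for f in $IKEE_FILES; do
        [ -e "$root$f" ] && echo "$f"
    done
    return 0
}

# Remove the files ikee_scan finds; print those that could not be removed.
# Returns 0 only if nothing from the list remains afterwards.
ikee_clean() {
    root=$1
    left=0
    for f in $(ikee_scan "$root"); do
        if ! rm -f "$root$f" 2>/dev/null || [ -e "$root$f" ]; then
            echo "could not remove: $f"
            left=$((left + 1))
        fi
    done
    [ "$left" -eq 0 ]
}

# Usage: sh ikee.sh scan [ROOT]   or   sh ikee.sh clean [ROOT]
case "${1:-}" in
    scan)  ikee_scan  "${2:-}" ;;
    clean) ikee_clean "${2:-}" ;;
esac
```

Run `scan` first and read the output before running `clean`; an empty result means none of the listed files were found.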

iPhone/Privacy.A

iPhone/Privacy.A is harder to detect because it doesn’t leave any trace on your iPhone. Instead, it can be installed on any computer (even Mac OS X) and it will scan all available networks in search of a vulnerable iPhone to infect.

In order to get rid of iPhone/Privacy.A, simply update and run your antivirus. It should have no problem detecting and deleting it.

Unnamed Worm

The last worm hasn’t been named yet. You can easily figure out if you’ve been infected if your battery is running down abnormally quickly. The reason for this battery drain is that the worm is constantly running in the background in search of other iPhones to spread to over wifi. This one is pretty tricky too as it will change your default SSH password to prevent you from deleting it.

Unfortunately there is no easy fix for this unnamed worm. The only solution at the time is to restore your iPhone and set it up as a new phone (do not restore from backup).

How to Make Sure You Don’t get Infected Again

The best way to make sure you don’t get infected in the first place (or don’t get infected again) is to change your iPhone root password. You may want to refer to this tutorial on how to do this.

I hope this information will be useful to those of you who have been infected, but hopefully you won’t have to use it…

  • Juan

    The best and 100% certain way to not ever be infected..? DO NOT INSTALL OPENSSH. Simple. If you do, you’re the idiot for leaving the password default. Neither PwnageTool nor Blackra1n installs OpenSSH so this is something the iPhone owner willingly installs.

    • Alex

      And if there is no Openssh does this mean i dont have the virus … Because my battery is killing me and i suspect a virus

  • Adan

    Well, I appear to have gotten the ‘unnamed’ worm, as since yesterday the battery started depleting extremely fast (about 1% per minute). Strange thing is, I changed my root password when it was first flagged up a couple of weeks ago.

    Also, unlike reported, also affects me when ‘Edge’ is on, as the battery will drain lightning fast even when Wi-fi is turned off.

  • RICHER

    THANKS! So if u jus change the password on mobile terminal ill b good???? QUESTION HOW LONG DOES IT NORMALY TAKE FOR THE BATTERY ON THE FONE TO DRAIN????????

  • Adan

    @ Richer

    Not long, trust me! Today, one minute I was on 44%, next it was dead. Currently restoring :-(

  • lumi

    i jailbroke my iphone a few days after blackra1n was released, i did not install SSH and i changed root and mobile password using Terminal
    yesterday night before going to bed, i turned off my iphone (battery was 78%) this morning i turned it on and the battery was 8% …. weird, an iphone draining battery while off?
    i am not sure if this was caused by this new worm or is related to some battery problem

    well im currently restoring

  • lumi

    oh, and i changed root/mobile passwords the same day i jailbroke my iphone

  • Dylan

    @Lumi
    Ummm… It might be bad connection in the main circuit board. Or just a bad battery.

  • Valerie

    Regret jailbreaking ttm. ):
    Still restoring. Anyway, thanks for the help!

  • mothana

    To Adan: I’m having the exact same problem. at first i thought it’s a battery problem. then i restored to factory settings and registered as new phone and the problem was resolved. but this proved to be temporary: the worm keeps on appearing a few days later although i haven’t jailbroken my phone anymore. i tried all means to fix the damn thing.