The growing popularity of the iPhone platform can only mean one thing. Nope, it has nothing to do with the flakiness of AT&T (NYSE: T)’s 3G network in San Francisco. It means that we’ll be seeing more iPhone security threats rearing their ugly heads. A new variant of the original “Ikee” iPhone worm, dubbed “Ikee-B,” targets jailbroken iPhones with unsecured SSH passwords. The new Ikee-B worm infects susceptible iPhones and lies hidden until the user visits Dutch bank ING’s website. Once logged in, Ikee-B steals passwords and financial information.

To be clear, only jailbroken iPhones with default SSH passwords are vulnerable to the Ikee-B worm. Previous iPhone attacks demonstrated the need for jailbroken iPhone users to change the default password, but it’s apparently still a big enough security hole to inspire this new bit of malware. Even worse, this version of the worm isn’t just going to “Rick Roll” your homescreen, it has the potential to drain your bank account.

Now, before you panic, keep in mind that Ikee-B is only being reported in The Netherlands. It’s possible that the worm could make its way to other European countries and Australia. More importantly, you can close your jailbroken iPhone’s vulnerability by changing your default SSH password. We have instructions on how to do that here.

Seriously, change your SSH password now!

[Via: MobilitySite]

There’s an iPhone infection going around, so we thought it would be a good idea to post a quick “How-to” guide for changing your jailbroken iPhone’s SSH password. Unlike the Swine Flu, no amount of hand-washing or coughing into the bend in your arm is going to prevent your jailbroken iPhone from contracting a malicious infection. On the plus-side, changing the default password on your jailbroken iPhone should inoculate your handset from current iPhone worms.

If you’re using a jailbroken iPhone, iPhone 3G or iPhone 3GS, and you’ve messed around with SSH before, we highly recommend you change your SSH password.

Here’s how:

1. Since you’re jailbroken, you have Cydia installed on your iPhone. Fire up Cydia.
2. Find the “MobileTerminal” app and install it.
3. Fire up the “MobileTerminal” app from your homescreen.
4. Type in the command “su root” and hit enter (without quotes).
5. When prompted for your password, type in “alpine” and hit enter.
6. Type in the command “passwd” and hit enter.
7. You’ll be prompted for a new password. Enter something you’re likely to remember. Seriously, don’t put down something obscure that you’ll forget – that might come back to bite you later on.
8. Repeat your new password.
9. That’s it! You are now protected from all current SSH backdoor security threats.

The entire process takes maybe a minute, depending on how long it takes for you to download/install MobileTerminal and how long it takes you to type in the above commands. There’s really no excuse for not changing your password.

Jailbroken iPhones beware, if you have SSH installed, you’re going to want to change your default root password quick. Like lickity-split quick. Following the jailbroken iPhone hack that held Dutch iPhones for ransom, another hacker is targeting Australian iPhones that have been jailbroken and are still running the default SSH password. Hacker “ikex” has created what seems to be the first iPhone worm that roots (no pun intended) out jailbroken iPhones and replaces the wallpaper to an image of Rick Astley. The “ikee” worm then looks for other vulnerable iPhones on its network and tries to keep on “rickrolling” on.

If you’re not jailbroken with SSH installed, or your outside of Australia, you’re probably in the clear for now. But, if SSH is something you’ve dabbled with in the past, it might behoove you to change your password as soon as possible.

[Via: EngadgetMobile]

The holiday shopping season is nigh, and you know what that means. Yup, you’ve got weeks of frenzied shopping to look forward to. It also means you’re going to open yourself up to more opportunities to lose track of your mobile phone. In fact, NYC cabbies say that they see more people leaving their cellphones in taxi cabs during the Thanksgiving shopping season than any other time of the year.

With hands full of shopping bags and other goodies, it’s going to be even easier to forget a handset in the back of a cab. Your best bet is to always check your belongings before leaving a cab, but you can also take steps to prevent your mobile device from betraying you by encrypting your data and using strong passwords. Credent Technologies offers the following tips to help safeguard your data, in case you end up losing it in the hustle and bustle of the holidays.

Back-up your mobile device regularly.

If you have important and sensitive company data on your mobile device get your IT department to encrypt it – they can do this remotely – meaning only you can read it!

Use a strong password on all your devices which combine numbers, letters and symbols.

Put your name and number with details of a reward on your device if found and returned.

Use your devices security features – such as the Personal Identification Number (PIN) number which only you know to stop others getting access to it!

Use your head – don’t keep data on your laptop or mobile phone that others could use against you – such as revealing pictures.

Don’t save old SMS or emails on your handset that you don’t need anymore – you’d be surprised how many people keep their default password emails on their mobiles and other hugely sensitive information like PINs, bank account details or passwords!

Check your message folders such as drafts, saved and outbox as there will be lots of information you just don’t need to keep there. Look at your call list – delete any numbers you no longer need.

Physically mark your handset with personal information. This will greatly reduce the second-hand value of the mobile if it is stolen.

Record your IMEI: Every mobile phone has a unique 15-digit electronic serial number that can be referenced by dialling *#06#.

Notify your network carrier AND the police immediately in the event of loss or theft. Tell them your IMEI number and any other identifying features on your phone. (PS – If the device contains company data – emails, customer or employee records, documents, etc. – inform your employer also.  You/They may be required to inform the appropriate authorities or a potential data breach).

Don’t leave your device open to access (e.g. leaving Bluetooth or WiFi on, visible and unsecured).

Despite app discovery services like Chorus for iPhone, the AppStore is a really tough place to eek out a living. That may have prompted one Dutch teen to find a new way to make money from the iPhone – hold them for ransom! That’s what happened yesterday when some T-Mobile (NYSE: DT) iPhone users in the Netherlands found a hacked message on their jailbroken iPhones. The message asked the user to secure their iPhone by paying $4.95 for instructions to remove the message prompt. The hacker didn’t disable the iPhones in any way, but he essentially wanted a ransom for peace of mind (and not seeing an annoying pop-up message at boot). It was an interesting (not ethical, or commendable, but interesting for sure) money-making scheme for all of a day, before the hacker got shut down.

The jailbroken iPhone community comprises no more than a small minority of all iPhone owners out there, but with many millions of iPhones spread around the world, that’s still a sizable community. Seeing as how most of those jailbroken iPhones are still going about their day with the default SSH password, it was only a matter of time before someone tried to make money from jailbroken iPhones.

This is what the hacker posted to his website:

“Dear iPhone user,

Your iPhone is not secure. That’s the reason your visiting this page, isn’t it? Well you can pay me $4,95 at my paypal account PureInfinity92@mailinator.com,  and I’ll mail you very easy instructions on how to secure your iPhone. You can also contact me at PureInfinity92@gmail.com

If you don’t pay, it’s fine by me. But remember, the way I got access to your iPhone can be used by thousands of others. And they can send text messages from your number (like I did..), use it to call (or record your calls), and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advise to secure your phone (: Have a nice day!”

The good news is that PayPal suspended his account with haste, making sure that the ill-intentioned teen couldn’t make any money from his scam. The hacker then posted a follow-up to his site, apologizing for his scam and offering his instructions to remove the message (and secure jailbroken iPhones) for free.

The lesson here? Change your jailbroken iPhone’s SSH password. Find out how to do that here.

[Via: ZDNet]

T-Mobile (NYSE: DT) Sidekick users are a loyal bunch. Many have likely even taken on a new 2-year contract with Deutsch Telekom-owned T-Mobile USA just so that they could to put a Microsoft/Danger Sidekick in their pockets. Unfortunately for them, Microsoft (NSDQ: MSFT)’s Sidekick servers have recently taken a nose-dive, taking user data (contacts, photos, calendar, etc.) down with the Sidekick-ship. That could leave Sidekick users singing a different tune.

What’s the big deal? Well, Sidekick handsets need to be linked to the Sidekick servers in order to keep data synchronized. When those servers go down, so does the link. That wouldn’t have been a problem if Microsoft had backed-up the data and restored Sidekick servers back to their pre-crash state. But, it seems Microsoft didn’t get those back-ups in place. It’s puzzling that the company known for its crash-prone Windows operating system wasn’t prepared for a server crash.

T-Mobile USA says that Sidekick users with missing data will have “almost certainly” lost that data forever. Microsoft’s Danger division says that, “Personal information stored on your device such as contacts, calendar entries, to-do lists or photos that is no longer on your Sidekick almost certainly has been lost as a result of a server failure at Microsoft/Danger.” We say its a huge embarrassment for the giant software company.

While this server-outage isn’t the first for cloud-based services, it’s arguably the worst of its kind. We’ve seen outages ranging from Google (NSDQ: GOOG)’s Gmail to RIM’s BlackBerry (NSDQ: RIMM) servers to Apple (NSDQ: AAPL)’s MobileMe service causing headaches users in the past, but this Sidekick crash has actually killed data. With the tech space is increasingly moving towards cloud-storage services that keep all personal data stored on remote servers, the reliability of “the cloud” is all the more important. Especially if it’s for business.

There’s also the possibility that this Sidekick crash could leave Microsoft with enough egg on their face to affect sales of the new Windows Mobile 6.5 mobile operating system. The new mobile OS sports a phone-backup service called “My Phone” that keeps phone data (contacts, calendar, photos, etc.) synced with Microsoft’s servers. If those servers go down and you lose your Windows Phone, things could get ugly. On the upside, Microsoft will probably learn from this whole Sidekick fiasco and make the take the proper precautions with My Phone servers.

We’ve contacted Microsoft for an update on the situation.

[Update]
T-Mobile has gotten service restored, but some data has been forever lost. All customers will get a free month of service, and some will be offered “additional” compensation to “reinforce how valuable [they] are as a T-Mobile customer.”

Here’s T-Mobile’s official statement:

Virtually all data services have been restored. Also, T-Mobile voice and text services were not impacted.

A subset of Sidekick customers appear to have lost data. We do not have an exact number, but we believe it is a minority of customers. We recognize the magnitude of this inconvenience. Our primary efforts have been focused on restoring our customers’ personal content.

Sidekick sales are temporarily on hold as Microsoft/Danger continues to work on maintaining platform stability. At this point, virtually all data services are operational.

All impacted Sidekick users will receive credit for one month of Sidekick data service. We recognize the magnitude of this inconvenience. Our primary efforts have been focused on restoring our customers’ personal content. We also are considering additional measures for those who have lost your content to help reinforce how valuable you are as a T-Mobile customer.

[Via: Reuters]

Ever wanted to use an iPhone for work, but got stuck with the standard issue BlackBerry (NSDQ: RIMM)? Well, Good Technology has made progress on their iPhone application, the back-end management for which was announced in the spring, and was showing it off at CTIA. The app has all the usual fixings, like e-mail (complete with push notifications and tomato splat on the home screen), contacts, and calendar items, all synced up to your enterprise Exchange or Domino server. The Good app uses enterprise standards for encryption like AES, and through a web-based management console, IT admins can manage employee mobility. I’m still dubious on whether or not Good’s admin side is as robust as RIM’s, but even if it’s not, I’m sure it will offer a reasonable suite of tools to work with. No word on pricing just yet, but it should be available in the App Store in the next couple of weeks. For a closer look, check out their data sheet or sign up for availability notifications.

Ruh-roh. RIM has issued notice of a medium-level threat for the native BlackBerry (NSDQ: RIMM) browser that, if you’re not careful, could make you the victim of a phishing attack. The bug basically makes it so a special null character isn’t recognized by the certificate reader, enabling a clever coder to masquarade their site as a usually dependable one, like blackberry.com. You can check to see if your device is eligible for a bug fix by going to blackberry.com/updates from Internet Explorer, but in the meantime, if you’re nervous about the bug, just hit Close Connection when the above dialog box shows up. Or hey, just use Opera Mini Beta 5 because it’s totally awesome.

[via CIO]

Honeywell recently launched a free application for iPhone that plugs into their Total Connect home security system, allowing you to arm and disable, check security camera stills (video coming soon), receive SMS alerts, and switch lights at a guarded area from your mobile. The app, My Keypad, was originally available on BlackBerry and Java-enabled phones, and was made to extend remote security system access beyond the web browser. This sounds like a great service, especially for small-to-medium business owners who want to keep an eye on their operations while away. For more info on My Keypad for iPhone, hit up Honeywell.

You thought Amazon was bad with the Kindle? Well, it sounds like Microsoft (NSDQ: MSFT) will be retaining the right to remotely delete Windows Mobile applications that were downloaded through the Marketplace, but were consequently banned. This isn’t just a good recipe for irate customers, but also developers who are spending $99 for five app submissions, plus extra for international submissions. Of course, we don’t know how often that will happen in practice, since we’re waiting on the Windows Marketplace for Mobile, but if a remote kill switch is, in fact, currently set up, it could potentially become a serious PR headache.

[via MS Mobiles]