According to Sophos, the antivirus company, iPhone owners in Australia have found their “jailbroken” phones to have been infected by a worm that changes their wallpaper image to a picture of 1980’s pop singer Rick Astley. In addition, the worm makes attempts to infect other jailbroken iPhones within the same network. The worm does this by making an SSH connection to the jailbroken phone using the default password of “alpine”.
While it’s important to note that iPhones that haven’t been jailbroken aren’t vulnerable to the worm, it does point out a weakness of sorts that Mac users would do well to think about. Apple has gone out of its way to make the iPhone easy for non-technical users to pick up, understand, and use. The hacker community has, similarly, made it relatively easy for non-technical, less-security-conscious individuals to hack their phones for use on other networks. What those less-technical people are now learning the hard way is that the iPhone isn’t impervious to attack. By either not learning enough about securing their jailbroken iPhones, or not believing the devices could be attacked, these individuals have become victims of malware. Fortunately, it’s not particularly malicious malware in this case.
The lesson for Mac users is similar. Apple has taken a powerful UNIX operating system and made it easy to use (both in the iPhone and the Mac). Even if you want to argue that the built-in security of Mac OS X is very strong, it only takes a careless software install to leave an opening in the Mac’s defenses that malware can exploit. For example, users who downloaded a pirated copy of iWork ‘09 also unknowingly downloaded a Trojan. If they’ve been listening to Apple’s advertising hype, they probably believe the Mac is immune to all malware, or that Apple somehow has them magically protected. This may explain why experts determined in April 2009 that a “zombie Mac botnet” is active on the Internet, consisting of many infected Macs.
Without question, Windows is the overwhelmingly popular target of malware authors. For every Trojan on Mac OS X or Linux, there are probably thousands for Windows. It would be foolish to operate a Windows PC on the Internet without a firewall, antivirus software, and other such protections. But it’s equally foolish to believe that the Macintosh is somehow magically immune to malware. It’s far, far less common on the Mac, to be sure. However, “less common” doesn’t mean “non-existent”. The Trojan and botnet examples discussed above are proof of that. A smart Mac user will recognize the potential for a malware infection (however slight) and take appropriate steps to protect against it. Just like your homeowner’s insurance, it’s the sort of thing you hope you never need to use, but it could save your proverbial backside if something goes wrong. If you disagree, well, it’s your computer and your data. Best of luck to you.