iPhone hacker did users a favour: poll

Three quarters of voters in a poll about the iPhone worm believe that creator Ashley Towns had 'done users a favour'.

A poll by Sophos found that, of 721 respondents, 75 per cent agreed that Towns had ‘done iPhone users a favour. This was an acceptable way to raise awareness of poor security'.

Meanwhile, fifteen per cent hoped he was investigated by the police as ‘when he released that worm he broke the law', while ten per cent believed that he had ‘acted recklessly by releasing the worm – the end does not justify the means'.

A new poll being run on the Sophos website asked whether visitors believed that the iPhone 'will be exposed to more virus attacks in future?' At the time of writing, 1400 people had voted, with 70 per cent saying 'yes', whilst 26 per cent agreed but said that only jailbroken iPhones will be at risk and users who don't tinker with their iPhone will be immune. Only four per cent had said 'no'.

Graham Cluley, senior technology consultant at Sophos, said: “The 21-year-old Australian student who wrote the iPhone worm has acted utterly irresponsibly - even if he now regretted (which he doesn't) releasing a worm into the wild, there is nothing he can do to stop it continuing to try and infect jailbroken iPhones.

“What's worst of all is that the code for the worm is now available for anyone to download. The genie is let out of the bottle - and anyone could write a more dangerous version of the worm which could have a much more dangerous payload."

Cluley later claimed that many people are looking for the worm's source code. He revealed that the top keywords searched for by people ending up on his blog include: 'ikee', 'ikee source code', 'ikee source', 'iPhone worm', 'ikee worm', and 'ikee iPhone'.

“That worries me. After all, who has an interest in the ikee worm's source code? None other than hackers who might want to create more variants of the worm, perhaps with more malicious intentions than displaying a picture of a pop star from the 1980s,” said Cluley.

However, not everyone agrees with Sophos' findings about the seriousness of the worm. Jamie de Guerre, CTO of Cloudmark, claimed that this specific attack is not that interesting as it only compromises phones that users have already hacked in a way that breaks the terms of Apple's end user licensing agreement.

“It does not capitalise on a software vulnerability, rather just on user negligence to change the default password of the remote access software made available after jailbreaking their phone,” said de Guerre.

“The fact that there have not been more serious vulnerabilities compromising the iPhone is a testament to Apple and the mobile operators that provide service.”

See original article on scmagazineuk.com