Digg

Discover the best of the web!
Learn more about Digg by taking the tour.

iPhone 1.1.3 Prep is a Malicious File! DO NOT INSTALL

modmyifone.com — Do not try installing the 1.1.3 iPhone Prep, it will do nothing on install, and on uninstall it will remove 20+ binaries (mostly those of Erica Sadun's utilities) from your iPhone's /bin/ dir

Bury

mortinelli 182 days ago, made popular 182 days ago

1062 diggs
digg it

125 Comments
Who Dugg It?
Blog It
Email It

literaryCop, on 01/06/2008, -3/+10Thanks to DeathHobbit and francis on mmi for pointing this out
- phatvolvo, on 01/11/2008, -0/+1shoes
Sparblaze, on 01/06/2008, -21/+3Who would make such a thing. What idiots. Stop using this source if you are using it. The people who make JMCO are morons.
- Sparblaze, on 01/06/2008, -12/+3Another thing I just found out. The person behind this is an eleven year old. STE Packaging talked to the elven year old's father. Lol wow...
- igeoffi, on 01/06/2008, -2/+8digg down. :(
- PathDaemon, on 01/06/2008, -0/+5Looks like someone's never encountered spam, viruses, or tubgirl.
- Sparblaze, on 01/14/2008, -0/+0I find it funny how I get buried when I warn people to remove this source and someone else gets a digg by saying "shoes".
gavinj1999, on 01/06/2008, -12/+4hmmm- teen drama
mavantix, on 01/06/2008, -3/+114When I was 11, I was downloading porn from BBS's. What is wrong with 11 years olds these days? He wouldn't be writing iPhone malware if he was still waiting for his GIF to zmodem download on a non multitasking OS. Just look what high speed internet and easily accessible high quality porn has done.
- Jyushin, on 01/06/2008, -34/+2Did I have a penis at 11?...Hell, do I have a penis now?
  - greenlight2001, on 01/06/2008, -2/+19Our mistake... it's your penis-like clitoris that threw us off... sorry.
    - LiquidFusion, on 01/06/2008, -1/+7Chyna? Is that you?
      - edwartica, on 01/06/2008, -1/+2No, its the main character of the book "Middlesex."
  - PathDaemon, on 01/06/2008, -0/+3If you have to ask, then I must confirm that no, you do not have one — please do not attempt to reproduce.
    - nfxmedia, on 01/06/2008, -0/+2Unfortunately, those are the ones who do.
- Gaulven, on 01/06/2008, -1/+13You had ZMODEM? When I was that age we just had XMODEM... and we loved it!
  - Blackforge, on 01/06/2008, -0/+2Oh yeah? I used Kermit! KERMIT I say!
    
    Well on my first dialup to a University Internet connection to a VAX/VMS server before they started doing PPP.
- m1ss1ontomars, on 01/06/2008, -4/+1i still haven't figured out how to use BBSes...oh well....
- LegendarySock, on 01/06/2008, -4/+3Wow you people are OLD!
DiggLive, on 01/06/2008, -88/+120But... the iPhone runs OSX and everyone knows OSX is immune to malware.
- soopafly, on 01/06/2008, -54/+18Aww.. poor Windows crybaby :-(
  - SigmaDraconis, on 01/06/2008, -7/+10YHBT. http://www.youtube.com/watch?v=cIpIAX78gig
    - darkzealot89, on 01/06/2008, -1/+1You sir, just made my day.
- zweben, on 01/06/2008, -10/+85OS X is resistant to malware that installs itself. No platform is immune to malware that takes advantage of social engineering to get installed, simply because it is very difficult for software to tell the difference between an action that the user wants to do and an action that the user was tricked into doing.
  
  The only ways I can think of to fight malware that relies on social engineering are to educate the users so they know what sources not to trust, and an OS that is able to identify actions that would cause harm to other software and block them, which I don't think we will have for quite some time.
  - raptordrew, on 01/06/2008, -12/+9Is this not the case for a majority of Windows malware/viruses, too? Not all, I admit, but a good majority?
    - richardhenry, on 01/06/2008, -3/+3No, the majority of malware on the Windows platform takes advantage of system exploits. Especially web-based malware that installs itself through or as a plugin into the browser.
    - pyrates, on 01/07/2008, -0/+3Not anymore with Vista. Now it's about privilege escalation, which OS X is vulnerable to as well. Any OS is when it is designed in that model.
  - Mike89, on 01/06/2008, -2/+8What about the TIFF exploit used to jailbreak the iPhone? Does that count?
    - PathDaemon, on 01/06/2008, -0/+7No, that was a rare but serious vulnerability — which is why Apple's next update resolved it, and why the community jumped in to provide fixes in the mean time.
      - daza, on 01/06/2008, -2/+4It's not rare by any means, the TIFF exploit has been used time after time, other notable instances include the PSP's homebrew hacking -- all started with a TIFF exploit. TIFF is notorious for its exploit possibilities.
      - richardhenry, on 01/06/2008, -0/+3@daza We refer to exploits that affect Mac OS X. Although yes, it wasn't the first (or last) time that it is possible to inject code into a TIFF render.
- hotsoda, on 01/06/2008, -5/+33You're installing binary files that have the power to muck with the entire operating system. This is the very thing Apple wanted to take care of when they announced their official SDK.
  - PathDaemon, on 01/06/2008, -1/+6What's worse is that Installer.app lets packages effortlessly state what they want to happen on install and uninstall (in shiny XML). That's great for legit developers, but can be abused so easily... maybe this is why Apple's never included an uninstall feature in their OSs: letting a program define its own removal is a too-easy entry point for malware.
    - pyrates, on 01/07/2008, -2/+1I don't buy it, not for one minute. This is just someone trying to defend Apple at any decision they make. Stop backtracking already.
- DiggLive, on 01/06/2008, -20/+5zweben: Send that comment to Apple marketing. Maybe they'll get the message and stop with the lame commercials.
  - zweben, on 01/06/2008, -3/+7With the lame commercials that say what? They claim that OS is immune to all malware? They claim that OS X cannot be damaged by a user intentionally installing something that would cause harm? I doubt it.
    - NSMike, on 01/06/2008, -0/+15It amazes me that people expect Apple to cure ignorance.
  - happyseamonster, on 01/06/2008, -2/+6If somebody tells someone to throw their computer out the window and they do it is that a OS vulnerability? There's all kinds of stupid things users may do to their computers. You know, like installing Quicken or Office.
    - DOGPARTY, on 01/06/2008, -3/+3go and cry into your ugly dell keyboard DiggLive
- directive0, on 01/06/2008, -3/+18Yeah Digglive, the Install app is unsigned and unlicensed third party program. The only way you can get to this step is if you jalibreak your phone, which is exactly what they don't want you to do. You really can't chide Apple for this when its situations just like this that they touted as the reason for the whole "closed" system on the iPhone. The stock iPhone firmware is completely 100% impervious to malware, and in comparison to a jailbroken phone, a fair bit less usefull.
  
  And all it does is remove non essential third party files.
  - Firehed, on 01/06/2008, -1/+4Actually, the stock iPhone firmware (at least up through 1.1.1) had an image rendering exploit that allowed the easiest jailbreaking ever by using it for "good". Any malicious person could just as easily have used the same exploit to rm -rf / and murder the phone.
    
    The only real issue with the jailbroken phones is that applications are effectively running as root, or can do so very easily if you haven't changed the stock root password. Apple could (and may very well) change the permissions in /Applications so that only the root user has access to that folder and force all apps to have their data somewhere else - basically how it's already done but without the permission model.
    
    In honesty, it's a risk with pretty much any program. You can install the thing legitimately and it could still be malicious. How much damage it can do varies by the system's file permissions and whether the user authenticates if it runs up against a permissions check. Look at programs like AppZapper - they're DESIGNED to completely trash applications, and you don't have to authenticate to run or use them (though if it automatically tried to empty the trash, that may not be the case). In that case, it's being used for good. Without escalating permissions, the damage any program can do is relatively limited - but if you then go ahead and type in the root password, there's no limit to the damage done.
    - awhiteflame, on 01/06/2008, -0/+1"Look at programs like AppZapper - they're DESIGNED to completely trash applications, and you don't have to authenticate to run or use them."
      
      Actually, you still do if you don't have proper permissions. I know that I have had to authenticate AppZapper (and not the Trash).
  - aussiedigger, on 01/06/2008, -0/+3100% impervious?
    
    Famous last words.
- virtualball, on 01/06/2008, -1/+22Seriously, this isn't OSX's fault, it's the idiots who install unknown apps. I could easily open Terminal and write "sudo rm -rf /" if I wanted to, but that's not a virus, that's an idiotic action. This is why I only installed the community sources on my iPhone, if I need another app, I'll sftp it to my phone ;)
  - tyywebb, on 01/06/2008, -1/+1Ah yeah so is that just a matter of dragging the .app into the Applications folder or is there more to it than that?
    sorry /noob
  - pyrates, on 01/07/2008, -0/+1You could say the same thing about users of Mac's. They should only install software that they trust.
- m1ss1ontomars, on 01/06/2008, -0/+4I'm not too sure myself, not being lucky enough to own an iPhone, but it doesn't seem as though this bit of malware is harming any of the ORIGINAL OS X, just stuff people have installed...am I wrong?
Typhoon2009, on 01/06/2008, -12/+15I don't have an iPhone but I'd imagine that I'd be pissed if this happened to me... dugg
wukillabee, on 01/06/2008, -27/+2pwned!
- TheWorm, on 01/06/2008, -0/+6Please take your dumbass comments elsewhere...Youtube perhaps. We don't want you.
- JoeDiggsIt, on 01/06/2008, -0/+3Ok, wukillabee, you showed up a few days ago and haven't gotten a comment over 0, so please, please, GTFO OFF MY DIGG.
  - SKick, on 01/06/2008, -2/+1You're keeping count? I'm starting to feel productive...
smurf22, on 01/06/2008, -4/+51The dumb ass 11 year old copied some code mucked with it, and probably thought hey cool I created something malicious. It will be so funny if I brick peoples phones.
Superbaddigger, on 01/06/2008, -9/+1Since when have we decided to "prep" our devices before installing? Was this going to give a good "stretch" to my on board ram and make it run faster?
- bjtitus, on 01/06/2008, -1/+4The iPhone 1.1.1 firmware had a OneTouch prep to give the upgraded 1.1.2 firmware a backdoor so it could be rehacked. Preps are there in order to allow for hacking the upgraded firmware.
internetworld7, on 01/06/2008, -26/+6I would disregard all malware warnings on anything that Apple makes. Apple hardware, whether iPhone, iPod and especially rock solid Macs are impenetrable to hackers and malware for ALL ETERNITY.
- neuber, on 01/06/2008, -5/+2...what world do you live in?
  - iDiggIt42, on 01/06/2008, -3/+2One with plenty of delusion-causing drugs, evidentially. I want in.
  - Nuhaus, on 01/06/2008, -2/+7Thinking he's somewhere around the planet Sarcasm.
- JackondaRocks, on 01/06/2008, -3/+6You better be sarcastic cause if not, you're an idiot.
  - MacParrot, on 01/06/2008, -0/+1I thinking it's possible for him to be both
- yabos, on 01/06/2008, -0/+1You're a moron.
Books, on 01/06/2008, -17/+4Wait, so INSTALL iPhone 1.1.3 Prep?
/haha
daishin, on 01/06/2008, -3/+43"it will do nothing on install, and on uninstall it will remove 20+ binaries" more like DO NOT UNINSTALL
- shovelihave, on 01/06/2008, -2/+2DO NOT WANT
kreatre2007, on 01/06/2008, -9/+19eh... I never install anything on my iPhone that doesn't come from Apple anyway. When Apple releases the SDK for the iPhone, then it will be safer to install third party stuff.
- digudown, on 01/06/2008, -20/+7In the meanwhile you would suck Steve Job's dick.
  - happyseamonster, on 01/06/2008, -2/+9You know what homophobia really means don't you? It's Ok to be yourself. It's OK, really. Go ahead cry on my shoulder. No, not my lap, my shoulder. Ok, that's enough. Go back to your uncle.
    - simVsim, on 01/06/2008, -5/+1Homophobia is a propaganda term.
    - stevealford, on 01/06/2008, -7/+3What makes you automatically assume he's being homophobic? He never said that sucking dick was a bad thing, just that sucking Steve Jobs' dick was a bad thing. Perhaps YOU are the one with the issues from your uncle that make you assume that other people mean what you're thinking when they say that.
      - happyseamonster, on 01/06/2008, -0/+1Pop psychology. It's a joke, retard.
  - kreatre2007, on 01/06/2008, -1/+2OK. That was offensive. Buried and reported.
Luminoth, on 01/06/2008, -1/+70Nice work validating Apple's reasoning for wanting to keep the thing locked up. ***** moron kids.
- ilgaz, on 01/07/2008, -0/+2No, this promises some "enabling", this is the exact opposite. If it was an open device, stuff coded ordinarily on XCode 3, who would need to get a "enabler"?
thebellmaster1x, on 01/06/2008, -8/+6So, I don't actually own an iPhone (or any Apple products aside from an iPod and an AirPort), but, hey, I'll digg it just to get the word out to those who do.
relsseigk, on 05/13/2008, -18/+5No it wont. Buried as inaccurate. I've seen numerous commercials from Apple that explicitly say that their products do not have problems like this.
- DOGPARTY, on 01/06/2008, -2/+3It didn't unless you go out of your way to hack it moron
  - fauxXenophanes, on 01/06/2008, -1/+1How else do I get Skype on it, and not activate the Evil Empire (AT&T)?
aaabatteries, on 01/06/2008, -7/+1I want to meet that kid...
- sspooner, on 01/06/2008, -3/+1Well, if his phone number on his domain registration is valid, maybe his address is too.
- tian2992, on 01/06/2008, -5/+1I want to beat the hell out of that script kiddie
sspooner, on 01/06/2008, -4/+15What a jackass. Apparently his phone number is valid on his domain registration, I dare say his address is too.
- ilgaz, on 01/07/2008, -0/+1Do you people actually believe it is really his address there? It must be some innocent guys home address. Anyone can put any address to domain registration. Nobody checks/cares.
  - insertAliasHere, on 01/08/2008, -0/+1He did put his own phone number on it...
happyseamonster, on 01/06/2008, -0/+12In other news: Intuit announced Quicken for the iPhone.
- kreatre2007, on 01/06/2008, -3/+1Quicken sucks. I wouldn't trust Quicken on a calculator let alone a PC or Mac.
dansmeek, on 01/06/2008, -1/+23all he did was use some xml code. he didn't actually make any binaries.
some people have some code called "erica's utilities" which i believe are some terminal commands and whatnot.
the kid used a binary of one of the earlier releases of erica's utilities and used some XML code to make the installer say "1.1.3 prep" and then link to a mirror of an old installer code. i'm wondering if the kid had any idea he was doing something malicious and possibly was just trying to show off to his friend "look i made an iphone program."
this file is not as malicious as it sounds... it simply causes erica's utilities to stop working, as when you "uninstall" this program it will "uninstall" erica's utilities but installer will still think they are installed.... thus you will have an icon that has no program linked to it.
- BHSPitMonkey, on 01/06/2008, -0/+1Just the entry in Installer. Erica's Utilities doesn't have an icon, only command-line tools.
- ilgaz, on 01/07/2008, -0/+1What kind of RISC/ASM code are you expecting at 2007 from those trojan kiddies?
Jeffrr, on 01/06/2008, -7/+4Thank You
Hutson, on 01/06/2008, -11/+2In other news: new malware installs itself on Vista users' computers, without the consent of the user! Why hasn't this been dugg? Oh thats right............yeah.
Jareth86, on 01/06/2008, -11/+5Malware? On a mac?!!
- reaperhatch, on 01/06/2008, -3/+2it's more likely then you think.
- damnyooneek, on 01/06/2008, -2/+6been using osx for years and haven't run into anything. no virus or security program except a firewall. even when i click yes on the spyware/malware pop ups all i get is a blank file on my desktop. i love it.
kiwimonk, on 01/06/2008, -0/+3I don't have an Iphone, but I appreciate alerts of malicious stuff being posted on digg! Since I don't read any other news.. Thanks!
- snax, on 01/06/2008, -0/+3You probably should read other news - Digg (however great) is heavily skewed towards technology and stories for entertainment. Fun, but ultimately unimportant. I do like the political slant though, heh.
- ilgaz, on 01/07/2008, -0/+2You can't believe how many serious security tips, alerts got buried especially at Digg/Apple by so called fans. Getting serious security alerts is easy, start with http://www.cert.org
ImTheKey, on 01/06/2008, -2/+1People do anything to feel like they are the powerful bad guy, but maybe one day they'll realize this isn't a comic book and they just made their selves look like douche bags.
frosted, on 01/06/2008, -6/+1now Apple will say "see? if you don't BUY your software and hack your iPhone to install free stuff, it will mess up your phone!"
- SATURN, on 01/06/2008, -0/+1It doesn't mess up your phone. It merely uninstalls Erica's Utilities. And even if it did mess up your phone, a few clicks in iTunes will restore it to factory condition.
gsadamb, on 01/06/2008, -2/+10When I was 11, I got grounded for staying up too late or watching movies I wasn't supposed to. Not for writing malicious code!
CStanton, on 01/06/2008, -2/+0assbags.
blergle, on 01/06/2008, -1/+5We need a name for such things to help people deal with them better in the future - oh wait we do!

It's called a TROJAN! First trojan for the iPhone!
digitallysick, on 01/06/2008, -0/+2figured it was a matter of time before someone put a malware program in the iphone repositories
arma, on 01/06/2008, -1/+1It was apple who did it, just so they can tell people about it at this year's Macworld.
Also I see they hate Erica too.
gomem, on 01/06/2008, -1/+3It's been commented that OS-X the iPhone's (and iPod Touch) 'OS' is immune to malware. Not so. Remember the iPhone runs OS-X as ROOT and every app. thats installed also runs as ROOT and so has the power to delete/corrupt EVERYTHING. Apple will have to fix this before any SDK can be released, either by running the apps. as a non-privileged user, or in a secure sandbox.
- waluigi14, on 01/06/2008, -1/+5It's "OS X", not "OS-X". But yes, allowing apps to run as root is dangerous (of course, it wasn't designed to run 3rd party apps in the first place, hence the running as root).
- blergle, on 01/07/2008, -0/+2iPhone security model is basically 'Windows 95'. Any app can do anything.
masbestiaquetu, on 01/06/2008, -1/+1mirror?
Brandyn1233, on 01/06/2008, -1/+1www.duggmirror.com
CanOfMDAmp, on 01/06/2008, -1/+1According to the whois on the site, this little ***** lives near me. I really wonder what would happen if I decided to give him a little ring on the phone.
- ilgaz, on 01/07/2008, -0/+1Anyone can register any site under any address. It could be some innocent persons home address.
MatthewGranda, on 01/07/2008, -0/+2Personally I think the problem relies between the keyboard and the chair.
ilgaz, on 01/07/2008, -0/+1This is what happens when you lock a device by excuse of protecting user. We all, people having Symbian, PSP , WinCE devices warned about it and what we got? Some geniuses thinking we are anti-Apple "buried" us. These are the EXACT same things happened to Sony PSP years ago.
alansky, on 01/07/2008, -0/+1First of all, no one in their right mind ever said that OS X is immune to malware. Nevertheless, for the most part there isn't any. That's a fact. If some twisted f*ck succeeds in creating some, well bully for him! iPhone users who insist on unlocking their iPhones or installing all manner of unauthorized hacks are exposing themselves to the possibility of problems. If you can't stand the heat, stay out of the kitchen!
pyrates, on 01/07/2008, -0/+2It seems we have 3 types of people here:

1. I like Apple and don't anybody mess with Apple's products by changing them. You should have kept it as is and worship the ground Steve Jobs walks on like I do. If there is to be any changes to the product, only Apple should change it. Any problems that show up Apple put in there to protect the user, unless Apple fixes it later on that is. Typical Apple fan boy.
2. I love Apple but I also like to tweak their products to do what I want them to do. I think it's great they bring these products to the market, but I am the one that uses them so I should be able to do what I want within reason. This is a typical iPhone hacker.
3. I don't care much for Apple. I like PC's because I either run Windows or Linux. I use a product based on how much I need it, not that it's made by a certain company. Cost is a major factor to me and what I can get the most for my money for the most amount of functionality is best.
- VSLOATHE, on 01/07/2008, -0/+2What if you're a cross between 2 and 3? I'm a FOSS developer who owns an iPhone.
THEKIRKALIRK, on 01/07/2008, -1/+0so i think i got screwed with this.

anyway to fix it?
mrosen310, on 01/09/2008, -0/+1i hacked my ipod touch about 2 months ago and have been worried about something like this for the whole time. My message to the dickwad that did this is ***** you
iPhoneManiac, on 02/18/2008, -0/+1I completely agree with you, It's called a TROJAN! First trojan for the iPhone!

http://iphonegap.com
Login or register to add a comment

Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.

iPhone 1.1.3 Prep is a Malicious File! DO NOT INSTALL

Login or register to add a comment