While listening to the latest SecurityNow! podcast from the TWiT Network, Steve Gibson the host of the podcast and security expert mentioned there was not only one but two new iPhone worms that aren’t just changing wallpapers like the ikee iphone worm reported a few days ago. This time, the worms are stealing personal information such as your contacts, photos, text messages, email and even music. Currently, there’s only two known worms but more are definitely expected.

The worms aren’t named in the podcast, but these are serious worms. This affects jailbroken iPhones running OpenSSH and the only way to prevent from getting attacked is by changing the root iPhone ssh password or to uninstall OpenSSH

Transcript from the podcast. Credit: grc.com

STEVE: Also in news following from last week, and you probably already have heard of this, Leo, the jailbroken iPhone problem that we discussed has, not surprisingly, escalated. We’re no longer changing wallpaper to some random singer from the past. We’re now stealing phone data, including contacts, music, photos, email, text messages, and pretty much everything. There are two known and more expected current worms that are sucking personal content off of iPhones that have been jailbroken where their SSH server password has not been changed.

Remember from last week we discussed this, that the problem is that jailbreaking installs an SSH server, and it has a default password that everyone knows. If you jailbreak your phone and don’t change that password, then your phone literally can be contacted over the Internet, just like you were running a little web server. In this case it’s an SSH server. Someone can log onto your phone and do pretty much what they want. The original problem, which was a worm constrained to Australia, was just changing wallpaper. Not surprisingly, that quickly escalated into much more damaging attacks. So if you do have a jailbroken phone, do make sure you change that SSH password because it’s getting bad quickly.

If you need to know how to change your iPhone SSH password click here

If you want to listen to the episode of SecurityNow!, where these worms are mentioned click here and listen or download the MP3

- source: twit.tv