First iPod Linux Virus Detected

9 04 2007

VIA – First iPod Virus Detected

Hmm

The virus, which has been named Podloso, is a proof of concept program which does not pose a real threat.

The virus is a file which can be launched and run on an iPod, the company said in a statement, published on its web site.

In order for the virus to function, Linux has to be installed on the iPod. If the virus is installed on the iPod by the user, the virus then installs itself to the folder which contains program demo versions. Podloso cannot be launched automatically without user involvement.

Once launched, the virus scans the device’s hard disk and infects all executable .elf format files. Any attempt to launch these files will cause the virus to display a message on the screen which says “You are infected with Oslo the first iPodLinux Virus”.
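A file infector that rewrites every ELF executable it finds, as described above, changes each file's contents, so a hash baseline taken beforehand will flag it. The sketch below is an added example, not code from the original post or from the vendor statement it quotes. It identifies ELF files by their magic bytes rather than by name; the directory layout and file names in `demo()` are constructed for illustration.

```python
import hashlib
import os

ELF_MAGIC = b"\x7fELF"

def is_elf(path):
    """Identify ELF files by magic bytes, not by name or extension."""
    try:
        with open(path, "rb") as f:
            return f.read(4) == ELF_MAGIC
    except OSError:
        return False

def snapshot(root):
    """Map relative path -> SHA-256 for every regular ELF file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path) or not is_elf(path):
                continue
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            result[os.path.relpath(path, root)] = h.hexdigest()
    return result

def compare(baseline, current):
    """Return (modified, added, removed) ELF paths between two snapshots."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return modified, added, removed

def demo():
    """Constructed sample: two dummy ELF stubs, one changed after the baseline."""
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for name in ("podzilla", "demo"):
            with open(os.path.join(root, "bin", name), "wb") as f:
                f.write(ELF_MAGIC + b"\x01\x01\x01" + name.encode())
        with open(os.path.join(root, "notes.txt"), "w") as f:
            f.write("not an ELF\n")
        baseline = snapshot(root)
        with open(os.path.join(root, "bin", "demo"), "ab") as f:
            f.write(b"appended bytes")  # stands in for any modification
        return baseline, compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere other than the device being checked, since anything able to rewrite the executables could rewrite a baseline stored beside them.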

I don’t use the iPod Linux hack, Podzilla, but this could be the start of something beautiful and maybe devastating to the P2P music community. I say devastating because if some RIAA freak decides to use this concept to screw with the file sharing folk then everyone will be too afraid to share files. Anyway, the concept is like any other VX: you unwittingly install a file that infects some of your files, making life more annoying. For now the Linux virus is not automatically launched, but it shouldn’t be a big leap to an automatically launched version. Now take this idea and make it more dangerous, say a worm that bricks the iPod, either forcing a complete restore or just killing the iPod altogether. Not too much of a leap from displaying an image, no?

Now if this could be done with the “operating system” on an iPod, then you could do some real damage. Of course there are files that can be loaded onto an iPod and when you connect the iPod to your PC you infect your PC, but I’m talking about the reverse. The only tool I can find so far for actually diddling with the iPod software is the iPodwizard app, which can actually modify Apple’s firmware, which you then reload onto your iPod, except the 2nd gen Nano ’cause the firmware is encrypted on those. However, iPodwizard doesn’t have the capability to edit anything on the actual iPod; it’s more like modding an XP install disc. Being able to read/run the system files on the iPod, found in the iPod_Control folder on the actual iPod drive, is what one would need to be able to do. The problem with doing this on a PC or Mac formatted iPod, with no hacks, is the iPod’s weird native (for lack of a better word) operating system. It might be easier on a Mac, with a Mac formatted iPod, to glean some ideas from the Podloso virus ’cause it’s Linux and Mac OS X is really a solid Unix core, but I don’t know too much about Mac hacking. The last Mac I had was a G3 beige tower, before they started making the cases all fancy, and you had to learn resource editing to hack anything.

I’ve run a couple of the control files through some reverse engineering apps and all I get is HEX code from a binary load with no functions or assembly code. The “system” file is pretty much useless, unless you want to change your serial number or some other crap. The only thing I can recognize are the regular file extensions like mp3, m4a, m3u and that’s pretty much it. I’ll have to look further into this to see if it’s possible or already been done. But it’s a good start for something to fiddle about with when you’re bored 😉


3 responses

13 04 2007
hmmm

I think you are a cock.

14 04 2007
therealdonquixote

kthx

15 06 2012
Ronaldinho

Very interesting details you have noted, regards for posting. “Curiosity is the key to creativity.” by Akio Morita.
