Tuesday, March 6, 2012

ec2-107-21-251-69.compute-1.amazonaws.com what is this?

I had a user come up to me this week with a very weird issue. He had a jailbroken iPhone and ever since a few weeks ago, it had been freezing on him. Well, my first reply was, that's what you get when you jailbreak an iPhone ;) Actually, jailbreaking an iPhone gives you a lot of freedom to do things on it.

Anyways, I looked through the phone and did not find anything odd on it. I then enabled an SSH server on it and connected. I decided to check if the phone was making any weird TCP connections.

Doing a netstat revealed all. In between the "normal" traffic was one that I had not seen before: ec2-107-21-251-69.compute-1.amazonaws.com. It seemed that the connection to this destination was always kept alive. Since the version of netstat on the iPhone does not have options to reveal the PID of the offending process, I was at a loss.
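The netstat review described above can be scripted. The following is an added example, not code from the original post: it parses BSD-style netstat output, keeps ESTABLISHED TCP peers that are not on an allowlist, and decodes the IPv4 address embedded in an EC2 public DNS name. The sample output, the allowlist and the function names are assumptions; only the EC2 hostname is taken from the post, and the hostname is assumed to be printed untruncated.

```python
import re

# Constructed sample in BSD netstat layout (host.port). Only the EC2 hostname
# comes from the post; every other address and all ports are made up.
SAMPLE = """\
Active Internet connections
Proto Recv-Q Send-Q  Local Address       Foreign Address                                (state)
tcp4       0      0  192.168.1.20.49312  ec2-107-21-251-69.compute-1.amazonaws.com.443  ESTABLISHED
tcp4       0      0  192.168.1.20.22     192.168.1.5.51514                              ESTABLISHED
tcp4       0      0  192.168.1.20.49290  198.51.100.7.5223                              ESTABLISHED
tcp4       0      0  *.22                *.*                                            LISTEN
"""

# Hypothetical allowlist: peers already accounted for (the SSH client, a known service).
EXPECTED = {"192.168.1.5", "198.51.100.7"}

EC2_NAME = re.compile(r"^ec2-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.")


def split_endpoint(endpoint):
    """BSD netstat joins host and port with a dot; the port is the last label."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def ec2_ip(host):
    """EC2 public DNS names embed the instance's IPv4 address; return it or None."""
    m = EC2_NAME.match(host)
    if not m or any(int(o) > 255 for o in m.groups()):
        return None
    return ".".join(m.groups())


def unexpected_peers(netstat_text, expected):
    """Return (host, port, decoded_ip) for ESTABLISHED TCP peers not in `expected`."""
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "ESTABLISHED":
            continue
        host, port = split_endpoint(f[4])
        if host not in expected:
            hits.append((host, port, ec2_ip(host)))
    return hits


if __name__ == "__main__":
    for host, port, ip in unexpected_peers(SAMPLE, EXPECTED):
        print(f"unaccounted peer {host}:{port} (address: {ip or 'n/a'})")
```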

I Googled the above address and managed to find some articles that linked it to Viber (this is like Skype). Since SBSettings was already installed on the iPhone, I looked through the currently running processes and found Viber listed. I killed it, and presto! The connection to ec2-107-21-251-69.compute-1.amazonaws.com was no more!

The iPhone was still slow, so in the end, the best solution was to install the legit iOS on it :(

