iPhone worm Rickrolls Australia

Nov 10, 2009 by Lin Edwards weblog
Apple iPhone 3G

(PhysOrg.com) -- iPhone users in Australia have been hit during the last few days with a worm called "ikee". The worm replaces the default wallpaper with a difficult to remove picture of British singer Rick Astley and a message "ikee is never going to give you up," a reference to Astley's 1980s hit song.

The worm is the first detected that specifically targets the . The worm only affects users who have "jailbroken" their phones to allow them to run authorized software. It appears to spread by searching an affected phone's contact list for other jailbroken phones. Users must have installed the utility SSH (secure shell) and retained the default root password: alpine. SSH allows people to connect to an iPhone via the Internet.

Spokesman for firm Sophos, Graham Cluley, said the worm does not appear to have spread outside Australia. It does little more than irritate affected users, but it does highlight the vulnerability of jailbroken phones, and there is a danger the code could be turned into a more malicious attack.

The worm was written as a practical joke by Ashley Towns, a 21-year-old unemployed programmer from Wollongong in New South Wales. He wanted to make the point that users ought to change their password, especially if they are using SSH. Towns said he was surprised the worm had gone as far as it had, and he had not considered any possible ramifications of the prank.

The worm is a variation on a well-known prank called Rickrolling, in which victims are tricked into inadvertently playing a video of the song "Never Gonna Give You Up" or seeing a picture of Rick Astley.

In another attack on the iPhone, a Dutch hacker used port scanning to identify jailbroken phones running SSH with the default password. The hacker replaced the wallpaper with what looks like an SMS alert that demands money in return for instructions on how to secure the iPhone.

The two attacks should serve as a warning for users who jailbreak their iPhones that it makes them vulnerable to attack.

© 2009 PhysOrg.com

Explore further: Chairless Chair solution offered as leg exoskeleton for work

add to favorites email to friend print save as pdf

Related Stories

The malware attack against mobile phones is mounting

Dec 23, 2004

The security challenges in the mobile environment are similar to the problems we have encountered in the PC world. Open platforms are becoming popular in smartphones, for example the Symbian operating system is used in more ...

Help! How to avoid fast-moving computer worm

Jan 28, 2009

Since early January, a worm that has been referred to by several names, including "Downadup," "Kido" and "Conficker," has been infecting millions of computers around the world. The worm exploits a previously discovered vulnerability ...

Downadup Worm Hits Over 3.5 Million Computers

Jan 16, 2009

(PhysOrg.com) -- Security firm F-Secure has advised that the Downadup worm has spread to more than 3.5 million computers by exploiting a vulnerability Microsoft patched last October. This is achieved by trying ...

Recommended for you

Giant tablets aimed at families

Aug 20, 2014

Costing a little more than an iPad but standing more than twice as tall, a new pair of giant tablets wants families to share cozier group experiences with technology.

Myo armband and smartglasses set for deskless workplace

Aug 20, 2014

Thalmic Labs, Canada-based makers of the Myo armband, has announced the integration of Myo with smartglasses, with the partnership help of a number of companies pairing the Myo with their products. The gesture-control ...

Sharp Aquos Crystal phone: Where's the bezel?

Aug 18, 2014

Just when you thought a fashionable gadget must be somewhat thin, Sharp is going to charm the smartphone fashion-conscious with a crazily thin phone, and it is arriving in the US quite soon. Gorgeous. Cool. ...

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

Bob_Kob
Nov 10, 2009
This comment has been removed by a moderator.
moj85
1.7 / 5 (3) Nov 10, 2009
But I thought things made by apple were completely and utterly unable to get viruses?!

Oh wait, false advertising.
mjporter
3 / 5 (1) Nov 10, 2009
From what I understand it got in via people who hadn't changed the password on their SSH software from the default. I'm sure any "guarantee" that you won't get a virus doesn't cover your own stupidity using 3rd party software... ;)
RayCherry
not rated yet Nov 25, 2009
Moj85 & Porter, you both make good points. Mac's have been very resistent in the past, even if they were supported by university developed anti-virus software. However, Apple has permitted the reoccurance of a problem they have faced before - third party software being careless about network security. In 1990, Adobe Illustrator (if memory serves) came with a surprise bonus for the Mac. A virus that was supplied by the Apple supply chain direct to users. Today, Apple is heralding the success of the AppStore, but who is really "minding the shop"?

Apple is not alone, and soon other big names will be able to repeat some of the industry's greatest mistakes by providing inadequately tested software to mainstream supply chains - much to the delight of virus writers globally.

Time to take a step back, 'hold the phone', and ask how can we prevent personal disasters for the users, and economic repercussions during this particularly vulnerable period.