6 Comments

Summary:

The first iPhone worm has been discovered. It comes to us via Australia, and appears to be limited to that country for now, although it has the potential to spread. It also stars Rick Astley, so to speak. The work changes the iPhone’s wallpaper to an […]

ikee-170The first iPhone worm has been discovered. It comes to us via Australia, and appears to be limited to that country for now, although it has the potential to spread. It also stars Rick Astley, so to speak. The work changes the iPhone’s wallpaper to an image of the 1980s pop singer, who’s enjoyed a recent resurgence thanks to the Rick-rolling Internet phenomenon.

The worm has the ability to break into jailbroken iPhones only. Even if you’ve jailbroken, you still aren’t vulnerable unless you’ve also installed SSH, and not changed the default password after doing so. As a result, only a small fraction of the larger iPhone community is probably susceptible to the “ikee virus,” as it is called in its own source code.

Still, it shows that as the platform matures and becomes more widespread, it also becomes the target of more malicious attacks. Most hackers, like any businesspeople, are interested in the bottom line, and part of that involves targeting the largest group of people possible. With millions of users worldwide, the iPhone is definitely an appealing mark. ikee’s creator, a hacker calling himself “ikex,” cites a different explanation for this particular worm’s creation:

Why?: Boredom, because i found it so stupid the fact that on my initial scan of my 3G optus range i found 27 hosts running SSH daemons, i could access 26 of them with root:alpine. Doesn’t anyone RTFM anymore?

In the case of this worm, which only changes the background wallpaper to the Astley photo with the slogan, “ikee is never going to give you up” across the top, Graham Cluley of SophosLabs suggests it’s really only an experiment:

The source code is littered with comments from the author suggesting the worm has been written as an experiment. One of the comments berates affected users for not following instructions when installing SSH, because if they had changed the default password the worm would not have been able to infect them.

While not dangerous in and of itself (it actually sort of provides a service by reminding users to take precautions), it could open the door for similar programs with less innocuous payloads. Hopefully, jailbreak users will learn from the experience and be prepared if someone more sinister tries to do the same thing again.

It’ll be interesting to see whether Apple latches onto this as a means to further decry the evils of jailbreak. If it leads to more serious exploits, it definitely would constitute a good reason to stay on the straight and narrow. In either case, expect to see more security concerns surrounding the iPhone as it continues its commercial success.

  1. My reason to jailbreak are very simple. Apple does not offer the functions I need:

    – biteSMS to get char counter in short messages
    – sbSettings to easily access important settings (WiFi, 3G, location, etc.)
    – Orbit to have an Expose like homescreen swapping
    – Cycorder, video recorder for iPhone 3G
    – Reminder for status bar notifications
    – most important, access to the root folder. That’s the only way to change the boring SMS sounds and TomTom’s voice.

    If Apple would really listen to their customers…

  2. “ikee” iPhone Worm Progeny Not So Harmless Thursday, November 12, 2009

    [...] Written on November 12, 2009 by Darrell Etherington and No one has commented Earlier this week, we reported that the first iPhone worm had been created. It was called “ikee,” and all it did was [...]

  3. The Worm Has Turned: iPhone Exploit Gets Nasty Tuesday, November 24, 2009

    [...] week the news about yet another non-belligerent iPhone worm did the rounds and people responded by saying things like “How silly jailbreaker’s are for not [...]

  4. Apple Approves Video Recording App for iPhone 2G and 3G Tuesday, December 15, 2009

    [...] has commented If you’ve been reconsidering your position as a jailbreaker thanks to recent security threats or Apple’s strong disapproval, there’s now one more reason to consider going legit. [...]

  5. Apple Approves Video Recording App for iPhone 2G and 3G Tuesday, December 15, 2009

    [...] 2G and 3G If you’ve been reconsidering your position as a jailbreaker thanks to recent security threats or Apple’s strong disapproval, there’s now one more reason to consider going legit. Apple just [...]

  6. Macpedia » Apple Approves Video Recording App for iPhone 2G and 3G Tuesday, December 15, 2009

    [...] you’ve been reconsidering your position as a jailbreaker thanks to recent security threats or Apple’s strong disapproval, there’s now one more reason to consider going legit. Apple just [...]

Comments have been disabled for this post