The first iPhone worm has been discovered. It comes to us via Australia, and appears to be limited to that country for now, although it has the potential to spread. It also stars Rick Astley, so to speak. The work changes the iPhone’s wallpaper to an image of the 1980s pop singer, who’s enjoyed a recent resurgence thanks to the Rick-rolling Internet phenomenon.
The worm has the ability to break into jailbroken iPhones only. Even if you’ve jailbroken, you still aren’t vulnerable unless you’ve also installed SSH, and not changed the default password after doing so. As a result, only a small fraction of the larger iPhone community is probably susceptible to the “ikee virus,” as it is called in its own source code.
Still, it shows that as the platform matures and becomes more widespread, it also becomes the target of more malicious attacks. Most hackers, like any businesspeople, are interested in the bottom line, and part of that involves targeting the largest group of people possible. With millions of users worldwide, the iPhone is definitely an appealing mark. ikee’s creator, a hacker calling himself “ikex,” cites a different explanation for this particular worm’s creation:
Why?: Boredom, because i found it so stupid the fact that on my initial scan of my 3G optus range i found 27 hosts running SSH daemons, i could access 26 of them with root:alpine. Doesn’t anyone RTFM anymore?
In the case of this worm, which only changes the background wallpaper to the Astley photo with the slogan, “ikee is never going to give you up” across the top, Graham Cluley of SophosLabs suggests it’s really only an experiment:
The source code is littered with comments from the author suggesting the worm has been written as an experiment. One of the comments berates affected users for not following instructions when installing SSH, because if they had changed the default password the worm would not have been able to infect them.
While not dangerous in and of itself (it actually sort of provides a service by reminding users to take precautions), it could open the door for similar programs with less innocuous payloads. Hopefully, jailbreak users will learn from the experience and be prepared if someone more sinister tries to do the same thing again.
It’ll be interesting to see whether Apple latches onto this as a means to further decry the evils of jailbreak. If it leads to more serious exploits, it definitely would constitute a good reason to stay on the straight and narrow. In either case, expect to see more security concerns surrounding the iPhone as it continues its commercial success.