Mon, 09 Nov 2009
First iPhone worm spreads Rick Astley wallpaper
Victims must have jailbroken phone, default password
The first worm written for Apple's iPhone has been unleashed and is infecting phones in Australia.
However, the worm, known as Ikee, is only a threat to users who have jailbroken their phones to let them run unauthorised software, security experts say.
In fact, Ikee doesn't do anything particularly bad - it changes the victim's wallpaper to a photograph of 80s singer Rick Astley and then seeks out other phones to infect - but it could be modified to do something more dangerous such as stealing sensitive information from the iPhone.
"There is a real danger that someone could take this code and make it do something malicious," said Graham Cluley, a technology consultant with security vendor Sophos.
The worm does not affect most iPhone users; only those with jailbroken iPhones that are running a Unix utility called SSH (Secure Shell) with the iPhone's default password, "alpine," still in use. SSH lets someone connect to the iPhone remotely over the Internet, so installing this software with the default password in place is akin to adding an unlocked back-door to the device.
It doesn't affect users who use the phone in conjunction with Network Address Translation (NAT), a popular networking technology that lets many users share the same IP address.

Security experts have known about this particular risk for some time now. Last week a Dutch hacker started hacking into iPhones that were vulnerable to this attack and demanded €5 (£4.40) for instructions on how to fix the problem.
The worm was written Wednesday by Ashley Towns, a 21-year-old unemployed programmer from Wollongong, Australia. He hadn't heard of the Dutch incident when he released his worm, he said Sunday in an instant-message interview. "It was supposed to be a small prank I definitely wasn't expecting it to get as far as it did," he said.
Towns wanted to make the point that people should change their default iPhone passwords, especially if they're using SSH. "A lot of people especially at first thanked me," he said. "I think most people are relieved it's not out to destroy their phone. I have had a few people abuse me though."
He didn't really consider the possible legal ramifications of releasing the code, something that was "quite naive of me," Towns said.
Once the worm adds the Rick Astley wallpaper, it disables the iPhone's SSH daemon and then looks around on the Internet for other vulnerable iPhones to infect.
Tricking victims into playing a video or looking at a picture of Rick Astley - best known for his hit "Never Gonna Give You Up" - is a popular Internet prank called Rickrolling.
It's not clear how many people have been affected by the worm, but Towns said that his phone alone infected about 100 other devices.
On Sunday, security vendor F-Secure said it had no confirmed reports of the worm spreading outside of Australia. F-Secure advises jailbroken iPhone users who want to secure their phones to follow these instructions.
News of the worm first started spreading several days ago, when users on an Australian technology discussion board complained that their iPhone wallpaper had been changed without authorisation.
The worm's code was published Sunday by Joshua "JD" Davison, managing director with Australian ISP reseller JelTel, who earlier published a technical interview with Towns.
The worm may have upset iPhone users, but Apple may not mind. The iPhone's creator has been trying to put an end to jailbreaking for years, saying that it causes security and performance problems.
"They might be a little bit pleased to hear that people have got themselves into hot water," Cluley said.
Permalink This Article
This article's permalink is:
http://www.macworld.co.uk/ipod-itunes/news/index.cfm?RSS&NewsID=27664
Comments
Comments received
Nicola Tesla said on Mon, 09 Nov 2009
You can remove it from your iPhone by clicking this link:
bit.ly/1628nB
@ Nicola Tesla said on Mon, 09 Nov 2009
Above link only takes you to YouTube and RA video youtube.com/watch?v=Yu_moia-oVI
More Rickrolling....
Control FREAKS said on Mon, 09 Nov 2009
"only a threat to users who have jailbroken their phones"
Nice work Apple, your proof of concept worked.
nom said on Mon, 09 Nov 2009
the fact it only affects jailbroken phones means it shouldn't even be headlined as iPhone vulnerability
no doubt there'll be a stream of people ignoring this fact and using story as showing iPhone vulnerability that doesn't exist unless you disable Apple security
Jonah said on Mon, 09 Nov 2009
+1 to nom.
Break your phone and accept the consequences. This is nothing to do with iPhone security.
Jailbreakers deserve Rick Astley.
CFC said on Mon, 09 Nov 2009
-1
If you spend that much you should own the phone, not be on constant hire from Apple.
@CFC said on Mon, 09 Nov 2009
Why not manufacture your own phone then. It isn't on constant hire.
You can buy a PAYG phone
You have a contract that runs out after 18 months. Then do what you want with the phone.
Sounds like you should get a Windows Mobile phone instead - it would suit you better.
@@CFC said on Mon, 09 Nov 2009
No, I binned the iPhone for Android a long time ago. Best move I made.
@@@CFC said on Mon, 09 Nov 2009
Good move. I just swapped as well!
JD
@CFC said on Mon, 09 Nov 2009
So why are you moaning on here then; or does having an Android phone turn you into a troll?
Jason T said on Mon, 09 Nov 2009
@CFC
You can enjoy being a Mac user without being fisted by Apple & the iPhone.
@Everyone said on Mon, 09 Nov 2009
But the point is if you have not breached the legal contract you signed with your provider and Apple then you are safe. The headline should be Jail Broken iPhones.
What next though Kylie?
Richie said on Mon, 09 Nov 2009
I am an official developer and have an iPhone jailbreak and to me this subject of an iPhone worm is silly it doesn't exist it is for jailbroken phones the iPhone is still safe and Macworld should reword it in a way to show users what can happen if they jailbreak the iPhone and should be prepared for viruses and spyware as it will happen if you disable security which what jailbreaking is doing in order to place software that Apple has not approved safe
Jailbait said on Mon, 09 Nov 2009
It is a stupid headline that MacWorld should correct. Jailbreak and accept the risks. Stop moaning like kids.
Or don't sign the paper in the first place....