Rick Astley plagues Aussie iPhones

“First iPhone worm” never gonna run around and desert you – it could well be a test worm for further attacks, Sophos says

Rick Astley is plaguing Australia again, this time in the form of the world’s first iPhone worm, according to security firm Sophos.

The worm, ‘ikee’, changes iPhone owners’ wallpaper, replacing it with a photo of ‘80s Stock Aitken Waterman creation Rick Astley and the message “ikee is never going to give you up”.

In a blog post on the company’s site, Sophos’s Graham Cluley wrote that the worm – so far confined to Australia – is capable of breaking into jailbroken iPhones if their owners have not changed the default password after installing SSH.

Once in place, the worm appears to attempt to find other iPhones on the mobile phone network that are similarly vulnerable, and installs itself again.

“What's clear is that if you have jailbroken your iPhone or iPod Touch, and installed SSH, then you must always change your root user password to something different than the default, 'alpine'. In fact, it would be a good idea if you didn't use a dictionary word at all,” Cluley wrote.

The worm will not affect users who have not jailbroken their iPhones or who have not installed SSH, Cluley says.


Sophos reports that at least four variants of the worm code have been written so far, with one variant trying to hide its presence by using a filepath suggestive of the Cydia application.

According to Cluley, the source code is littered with comments from the author suggesting the worm was written as an experiment, as one of the comments berates affected users for not following instructions when installing SSH.

“Presently it appears that the worm does nothing more malicious than spread and change the infected user's lock screen wallpaper,” he wrote. “However, that doesn't mean that attacks like this can be considered harmless.”

Cluley warned that while the worm does not appear to be malicious, iPhone users should be on guard as other inquisitive hackers may also be tempted to experiment once they read about the world's first iPhone worm.

“Furthermore, a more malicious hacker could take the code written by ikee and adapt it to have a more sinister payload,” he wrote. “iPhone users may rush into jailbreaking their iPhones in order to add functionality that Apple may have denied to them, but if they do so carelessly they may also risk their iPhone becoming the target of a hacker. My prediction is that we may see more attacks like this in the future. Indeed, only last week we saw hacked iPhones in the Netherlands being held hostage for 5 Euros.”

Australian iPhone users have begun reporting their experience with the worm, flooding Internet forum Whirlpool with posts about their Rick experience.

“Woke up this morning and turned on my iPhone to find out I've been Rick Rolled,” user Jimbo posted. “Needless to say I've changed my ssh password and will follow these steps … as well and will restore sbsettings in due course.”

User sierralpha wrote: “So I woke up this morning to find that the wallpaper on my Jailbroken 3GS had been changed to a picture of Rick Astley (some 80's singer?) with the words 'ikee is never going to give you up' (the lyrics or title from a song of his).”

In a separate blog post, Whirlpool poster Joshua D of ISP JelTel wrote that Rick Astley had, in recent years, become very popular on the internet in a bait-and-switch game known as RickRolling.

“RickRolling is a game in which users all over the world provide each other with links to a video of Rick Astley's "Never Gonna Give You Up" during a general conversation, generally pretending as if the link was related to the current topic of conversation,” he wrote.

The post notes that there are two common denominators for iPhone users who have been infected: they all have hacked iPhones (known to the hacking community as "JailBroken"), and they all use an SSH daemon, which allows users to connect to their phones remotely and attempt to log in.

“The problem doesn't lie within either the JailBreak, or the SSH Daemon, it is a combination of both AND leaving the default root password for the iPhone as alpine,” he wrote.

What's your RickRolling experience? Found a fix to Rick? Email Computerworld or follow @computerworldau on Twitter.


4 Comments

Anonymous

1

Did not take long, now we have viruses for phones. People who are caught making these viruses should be thrown in jail or even better shot dead. It bugs the crap out of me knowing governments want kids and families to have computers in their homes but do not put laws in place to protect people from these lowlifes.

Not Anonymous

2

Dear Anonymous, the laws are in place and have been for years now. The problem, Mr Ignorant, is not our government or its laws, but that viruses are written by organised criminal gangs who don't care about the laws and cover their tracks so they don't get caught.

Maybe we should introduce laws banning narcotic drugs too?

Anonymous

3

Your headline should read: "Only *JAILBROKEN* phones get virus".

If you don't illegally jailbreak your phone... you will NEVER get this virus.

Why do so many of the articles here have VERY misleading headlines... and then buried deeply in the text... you'll see that only jailbroken phones are affected?

Anonymous

4

To Mr Anonymous (Mon, 09/11/2009 - 11:40)
You are an idiot. If you get pwned by this worm then you deserve it, don’t jailbreak your phone if you are worried about stuff like this.

To Mr Anonymous (Tue 10/11/2009 - 01:57)
Don’t ever say Never... it is only a matter of time. iPhones are/have become a major target, much like Windows on PC, that's what happens when you monopolize a market, you draw the attention of the hacking hordes, you want to be safe? Go buy another type of device.
