Rick Astley plagues Aussie iPhones

“First iPhone worm” never gonna run around and desert you – it could well be a test worm for further attacks, Sophos says

Rick Astley is plaguing Australia again, this time in the form of the world’s first iPhone worm, according to security firm Sophos.

The worm, ‘ikee’, changes iPhone owners’ wallpaper, replacing it with a photo of ‘80s Stock Aitken Waterman creation Rick Astley and the message “ikee is never going to give you up”.

In a blog post on the company’s site, Sophos’s Graham Cluley wrote that the worm – so far confined to Australia – is capable of breaking into jailbroken iPhones if their owners have not changed the default password after installing SSH.

Once in place, the worm appears to attempt to find other iPhones on the mobile phone network that are similarly vulnerable, and installs itself again.

“What's clear is that if you have jailbroken your iPhone or iPod Touch, and installed SSH, then you must always change your root user password to something different than the default, 'alpine'. In fact, it would be a good idea if you didn't use a dictionary word at all,” Cluley wrote.

The worm will not affect users who have not jailbroken their iPhones or who have not installed SSH, Cluley says.


Sophos reports that at least four variants of the worm code have been written so far, with one variant trying to hide its presence by using a filepath suggestive of the Cydia application.

According to Cluley, the source code is littered with comments from the author suggesting the worm was written as an experiment; one of the comments berates affected users for not following instructions when installing SSH.

“Presently it appears that the worm does nothing more malicious than spread and change the infected user's lock screen wallpaper,” he wrote. “However, that doesn't mean that attacks like this can be considered harmless.”

Cluley warned that while the worm does not appear to be malicious, iPhone users should be on guard as other inquisitive hackers may also be tempted to experiment once they read about the world's first iPhone worm.

“Furthermore, a more malicious hacker could take the code written by ikee and adapt it to have a more sinister payload,” he wrote. “iPhone users may rush into jailbreaking their iPhones in order to add functionality that Apple may have denied to them, but if they do so carelessly they may also risk their iPhone becoming the target of a hacker. My prediction is that we may see more attacks like this in the future. Indeed, only last week we saw hacked iPhones in the Netherlands being held hostage for 5 Euros.”

Australian iPhone users have begun reporting their experience with the worm, flooding Internet forum Whirlpool with posts about their Rick experience.

“Woke up this morning and turned on my iPhone to find out I've been Rick Rolled,” user Jimbo posted. “Needless to say I've changed my ssh password and will follow these steps … as well and will restore sbsettings in due course.”

User sierralpha wrote: “So I woke up this morning to find that the wallpaper on my Jailbroken 3GS had been changed to a picture of Rick Astley (some 80's singer?) with the words 'ikee is never going to give you up' (the lyrics or title from a song of his).”

In a separate blog post, Whirlpool poster Joshua D of ISP JelTel wrote that Rick Astley had, in recent years, become very popular on the internet in a bait-and-switch game known as RickRolling.

“RickRolling is a game in which users all over the world provide each other with links to a video of Rick Astley's "Never Gonna Give You Up" during a general conversation, generally pretending as if the link was related to the current topic of conversation,” he wrote.

The post notes that there are two common denominators for iPhone users who have been infected - they all have hacked iPhones (known to the hacking community as "JailBroken"), and they all use an SSH daemon, which allows users to connect to their phones remotely and attempt to log in.

“The problem doesn't lie within either the JailBreak, or the SSH Daemon, it is a combination of both AND leaving the default root password for the iPhone as alpine,” he wrote.
