The first iPhone worm has been created, which is now spreading in the wild.
So far confined to Australia, security firm Sophos said that the Ikee' worm spreads into jailbroken phones, changing the lock screen wallpaper to an image of pop star Rick Astley with the message "Ikee is never going to give you up."
The worm will break into a jailbroken iPhone if owners haven't changed the default password, which is alpine'. Once the worm is on an iPhone it will attempt to find others on the same network and install itself again.
"This isn't a proof of concept," said Sophos senior technology consultant Graham Cluley. "It has infected real people, who went on the internet to try and find out what to do."
The creator, 21-year old Ashley Towns from New South Wales, has admitted infecting 100 iPhones.
A message inside the worm says that he did it out of "boredom" and found it ridiculous that he was able to find that 26 out of 27 accessible iPhones were vulnerable due to having the default password.
"It looks as though it will be confined to Australia," Cluley said. "But someone could take the code and make it work in other countries as well. I think the bigger danger is if somebody takes the code for more malicious purposes. So it would be possible to take this code and maybe steal information."
He added: "You wouldn't change the wallpaper for instance, so you wouldn't know if you've been infected."
Cluley said that the source code was available on the internet. The worm's creator also said on Twitter that people were already asking for the code.
"If you do jailbreak your iPhone, you must make sure you do it securely and change your route password," added Cluley.
The expert said it was important to stress that if you haven't meddled with your iPhone in a low level way, then you should be safe.
Cluley said: "Maybe in the future, Apple should consider shipping the iPhone without a default password which everyone uses. Why should all iPhones all have the same one?"
He added that in the enterprise many people brought consumer technology like the iPhone in even if it wasn't officially authorised. He warned businesses that they needed to make them secure to prevent a worm like this spreading and taking company data from the devices.
IT PRO blogger Davey Winder has blogged about the worm here.
