Skip to navigation
   
Davey Winder's Blog
RSS

Warning: iPhone worm starts RickRolling

By Davey Winder in Editorial

Posted in Blog, Mobile Phones, Security, Apple on November 8, 2009 at 10:52 pm

Permalink | Author Profile

It was inevitable that the iPhone would eventually fall victim to the bad guys, and that inevitability has been realised as users of Jailbroken iPhones are starting to report being infected with an iRickRolling worm.

The ‘ikee’ worm was first spotted over the weekend in Australia, with users posting to online forums that their Jailbroken 3GS iPhones had changed from the default wallpaper to pictures of 80’s pop singer Rick Astley, he of ‘Never Gonna give You Up’ fame and the very same man who was the focus of the RickRolling Internet meme that started in 2007 and spread like wildfire during 2008.

One iPhone user reported that the wallpaper was actually accompanied by the text: “ikee is never going to give you up”.

Although there are, as of yet, no confirmed reports of the worm spreading outside of Australia, security researchers are sure it is perfectly capable of spreading to any Jailbroken iPhone as long as the default password has not been changed after installing SSH to the device.

Graham Cluley of Sophos says “Once in place, the worm appears to attempt to find other iPhones on the mobile phone network that are similarly vulnerable, and installs itself again”.

Unfortunately, analysis by researchers at Sophos Labs would suggest that there at least four variants of the worm code so far, the latest looking to hide behind a filepath which might suggest it is connected to the Cydia application.

Nothing about the worm suggests it has been written with malice in mind, and comments in the worm code itself tend to support this, and the whole Rick Astley thing is annoying rather than malicious. However, it must not be forgotten that this worm is accessing a device without permission and changing data upon it without permission, and breaking the law in many countries as a result.

It should also not be forgotten that as code variants continue to appear it is only a matter of time, and probably not that much of it, before a malicious party uses it to deliver a payload that is a whole lot more troublesome than Rick Astley.

There is no danger to iPhone users who have not Jailbroken their devices, nor to those who have changed the password from the SSH default of Alpine.

12345
Rated: 73.33% (3 votes)
Loading ... Loading ...

Previous Post | Next Post

 
 
Comments

Pingback by IT PRO: Blogs: Davey Winder: Is business ready for the iPhone? - March 28, 2010 on 12:42 pm

[…] continuing use of iPhones (and other smartphone devices) within the enterprise could quickly see iPhone security become a stellar security problem. Not yet rated  Loading […]

Make a comment

* required

* required

We stop spam using reCaptcha.
Type the words below and click Submit Comment.

   
Tag cloud

Video Firefox Media worm Top 500 world of warcraft Army MiniBook Mobile Phones Parenting search Digg Children gaming ecommerce Bill Gates Nexus VPN Research Acer remote graphics earth hour e-commerce family Johnny Depp xmas parental control fool Windows Recall hypervisor BOFH Intel FBI Guardian Scotland Deal Windows 7 fun survey productivity HPC environment biometrics Russia patent Mars XP President outsourcing Trojan millions Retail computer Geeks Steve Ballmer exploit chips social networking tech size Michael Jackson office iPhone 3G Addiction iPod Education Internet VeriSign Application Performance computing Amazon Analysis terrorism adware spending Blog Kill Switch Opinion Eee PC Voice hardware Music economics Blogging technology Banned desktop Architecture scareware Twitter holidays GMail Government credit card fraud DNS e games network banks Kaspersky Texas Instruments printing Big Brother dumb iPhone 3GS Sex Employment remote working spam Facebook stupid Microchip Advertising console linkedin memory hacker global Jobs OS Developers Jesus Phone cloud Software Mafia Data Centre Nintendo Browsers YouTube malware football Project crime Finjan botnet Noro teleworking trust Web Development workplace scan Battery Enterprise Apps science RATM Game eBook money patch management ID Theft virtual machine Sony AMD Election Trousers debian disclosure work ROFL migration iPad MSN Programming development Rant Mobile Phone library admin PS3 scam privacy policy acquisition students Psychic christmas Steve Jobs Beta App Gadget MSNBC Death The Federation Gartner gadgets Hack Madness politics Olympics statistics web 2.0 shopping symantec documentation Google Earth Conference economy credit crunch banking Porn ISP IP email Military report Linux lawsuit Pirate standards Adobe Eee Gateway campaign Dell Internet Explorer NBC Study payment server EU open source Review surveys RAM Netbook digitise compromise USA Texting fake museum SMS Paris Hilton storage CAPTCHA Health Rumour Silverlight betting Google staffing Patents security encryption Spotify books avatar sick Meh virtualisation universe Networks Zango help Supercomputer mail smartphone news poll Psion broadband InfoSec Experiment Cisco theft Browser man-in-the-middle payments Press Obama mobile web OCR McKinnon management Yahoo computing support second life iPhone service home phishing Marketing green hoax Europe Vista SSL prison black hat IT ISPA Palm GSM recession Lotus fraud VM monetisation Kindle Backlash nightmare information Licensing copyright Business MessageLabs App Store Funny virtual world data transactional security Tesco data protection BSI archiving stupidity Windows Phone 7 Series China Digital Footprint Notebooks Apple wifi Android carbon copy computers Top 10 HP IBM virus ASUS Palm Pre worker Harry Potter snooping hacking IDC Ballmer Flash School Kin rootkits code hubdub NASA meme tax law Space Energy Microsoft services innovation
Advertisement

   
Archives

   
Most commented posts

   
Highest Rated Blog Posts

Advertisement