Skip to navigation
   
Davey Winder's Blog
RSS

Warning: iPhone worm starts RickRolling

By Davey Winder in Editorial

Posted in Blog, Mobile Phones, Security, Apple on November 8, 2009 at 10:52 pm

Permalink | Author Profile

It was inevitable that the iPhone would eventually fall victim to the bad guys, and that inevitability has been realised as users of Jailbroken iPhones are starting to report being infected with an iRickRolling worm.

The ‘ikee’ worm was first spotted over the weekend in Australia, with users posting to online forums that their Jailbroken 3GS iPhones had changed from the default wallpaper to pictures of 80’s pop singer Rick Astley, he of ‘Never Gonna give You Up’ fame and the very same man who was the focus of the RickRolling Internet meme that started in 2007 and spread like wildfire during 2008.

One iPhone user reported that the wallpaper was actually accompanied by the text: “ikee is never going to give you up”.

Although there are, as of yet, no confirmed reports of the worm spreading outside of Australia, security researchers are sure it is perfectly capable of spreading to any Jailbroken iPhone as long as the default password has not been changed after installing SSH to the device.

Graham Cluley of Sophos says “Once in place, the worm appears to attempt to find other iPhones on the mobile phone network that are similarly vulnerable, and installs itself again”.

Unfortunately, analysis by researchers at Sophos Labs would suggest that there at least four variants of the worm code so far, the latest looking to hide behind a filepath which might suggest it is connected to the Cydia application.

Nothing about the worm suggests it has been written with malice in mind, and comments in the worm code itself tend to support this, and the whole Rick Astley thing is annoying rather than malicious. However, it must not be forgotten that this worm is accessing a device without permission and changing data upon it without permission, and breaking the law in many countries as a result.

It should also not be forgotten that as code variants continue to appear it is only a matter of time, and probably not that much of it, before a malicious party uses it to deliver a payload that is a whole lot more troublesome than Rick Astley.

There is no danger to iPhone users who have not Jailbroken their devices, nor to those who have changed the password from the SSH default of Alpine.

12345
Rated: 73.33% (3 votes)
Loading ... Loading ...

Previous Post | Next Post

 
 
Comments

Pingback by IT PRO: Blogs: Davey Winder: Is business ready for the iPhone? - March 28, 2010 on 12:42 pm

[…] continuing use of iPhones (and other smartphone devices) within the enterprise could quickly see iPhone security become a stellar security problem. Not yet rated  Loading […]

Make a comment

* required

* required

We stop spam using reCaptcha.
Type the words below and click Submit Comment.

   
Tag cloud

email Facebook virtualisation YouTube outsourcing USA Cisco man-in-the-middle Kill Switch phishing biometrics Parenting technology network economy Opinion Windows Phone 7 Series Space Europe copyright HPC remote working Research Digg NBC OCR Energy hubdub Rant money Nintendo privacy Lotus payments worker Browsers betting spam avatar Kin Sex OS App Eee PC PS3 malware Application code millions FBI symantec President Internet Explorer Kaspersky monetisation environment Gateway credit crunch iPhone tax museum support Johnny Depp CAPTCHA Microsoft virus Flash exploit social networking console Licensing transactional security sick work standards fun admin disclosure Porn xmas HP Big Brother Web Development Mobile Phone Software Military eBook patch management memory data iPhone 3G Mafia archiving holidays home debian gaming lawsuit Twitter Palm Yahoo Adobe workplace teleworking development Windows 7 Windows virtual machine worm printing stupidity shopping carbon copy parental control Finjan Health compromise statistics Microchip McKinnon VeriSign Scotland dumb Kindle Advertising politics office IBM Psion Trojan Digital Footprint Networks Trousers Eee Paris Hilton Top 10 ISPA GSM Ballmer banks Election Project Video service black hat Deal Texting Steve Ballmer desktop world of warcraft RATM Education productivity family Android Madness Obama Google Earth School Army Blogging Dell Harry Potter computing security Zango virtual world Beta Apps Google Intel Firefox Steve Jobs cloud economics Vista IDC gadgets help Banned Analysis InfoSec migration Government Top 500 Geeks Michael Jackson hoax web computers Press Data Centre ISP Patents data protection terrorism news Experiment earth hour stupid Media snooping BOFH Noro patent students football botnet Backlash computer Conference IT Nexus innovation mobile Sony RAM rootkits DNS chips Funny Russia ROFL iPod campaign broadband scareware Guardian hacking survey Apple Tesco credit card fraud graphics Marketing Blog AMD ecommerce e Linux Voice Gartner fool MiniBook second life staffing services fraud hardware Children web 2.0 Netbook encryption poll management Performance computing Notebooks information mail Employment tech search Mars Rumour BSI Bill Gates Addiction Death banking meme science Enterprise Amazon policy library hypervisor remote wifi Recall Hack MSNBC size ID Theft ASUS Psychic storage Jobs Programming VPN Acer China IP iPad open source spending Music scan green Jesus Phone Supercomputer MessageLabs acquisition documentation smartphone books Business linkedin App Store global digitise Internet theft MSN Review nightmare Retail trust The Federation payment server crime SMS Battery Browser SSL recession scam NASA games Game Architecture Study Palm Pre Developers christmas Meh hacker Gadget Olympics universe fake adware Mobile Phones Pirate EU Spotify report Texas Instruments surveys Silverlight iPhone 3GS GMail VM XP law prison e-commerce
Advertisement

   
Archives

   
Most commented posts

   
Highest Rated Blog Posts

Advertisement