Skip to navigation
   
Davey Winder's Blog
RSS

Warning: iPhone worm starts RickRolling

By Davey Winder in Editorial

Posted in Blog, Mobile Phones, Security, Apple on November 8, 2009 at 10:52 pm

Permalink | Author Profile

It was inevitable that the iPhone would eventually fall victim to the bad guys, and that inevitability has been realised as users of Jailbroken iPhones are starting to report being infected with an iRickRolling worm.

The ‘ikee’ worm was first spotted over the weekend in Australia, with users posting to online forums that their Jailbroken 3GS iPhones had changed from the default wallpaper to pictures of 80’s pop singer Rick Astley, he of ‘Never Gonna give You Up’ fame and the very same man who was the focus of the RickRolling Internet meme that started in 2007 and spread like wildfire during 2008.

One iPhone user reported that the wallpaper was actually accompanied by the text: “ikee is never going to give you up”.

Although there are, as of yet, no confirmed reports of the worm spreading outside of Australia, security researchers are sure it is perfectly capable of spreading to any Jailbroken iPhone as long as the default password has not been changed after installing SSH to the device.

Graham Cluley of Sophos says “Once in place, the worm appears to attempt to find other iPhones on the mobile phone network that are similarly vulnerable, and installs itself again”.

Unfortunately, analysis by researchers at Sophos Labs would suggest that there at least four variants of the worm code so far, the latest looking to hide behind a filepath which might suggest it is connected to the Cydia application.

Nothing about the worm suggests it has been written with malice in mind, and comments in the worm code itself tend to support this, and the whole Rick Astley thing is annoying rather than malicious. However, it must not be forgotten that this worm is accessing a device without permission and changing data upon it without permission, and breaking the law in many countries as a result.

It should also not be forgotten that as code variants continue to appear it is only a matter of time, and probably not that much of it, before a malicious party uses it to deliver a payload that is a whole lot more troublesome than Rick Astley.

There is no danger to iPhone users who have not Jailbroken their devices, nor to those who have changed the password from the SSH default of Alpine.

12345
Rated: 73.33% (3 votes)
Loading ... Loading ...

Previous Post | Next Post

 
 
Comments

Pingback by IT PRO: Blogs: Davey Winder: Is business ready for the iPhone? - March 28, 2010 on 12:42 pm

[…] continuing use of iPhones (and other smartphone devices) within the enterprise could quickly see iPhone security become a stellar security problem. Not yet rated  Loading […]

Make a comment

* required

* required

We stop spam using reCaptcha.
Type the words below and click Submit Comment.

   
Tag cloud

Research Gateway Guardian Internet Explorer Notebooks Nexus YouTube GMail environment compromise millions christmas Developers Johnny Depp Analysis Digg open source chips phishing theft office ASUS virtualisation acquisition Sex Rant eBook PS3 migration Scotland Application economics Olympics remote working Palm Acer iPad money HP crime RATM Digital Footprint XP Palm Pre Big Brother report email privacy virtual machine Space mobile Retail RAM NASA Sony museum Top 500 prison Google Earth nightmare Bill Gates shopping symantec HPC Experiment Microsoft parental control Paris Hilton Browser home botnet Obama Conference Linux statistics Meh Mobile Phone Review archiving universe Government Android Apps Steve Jobs Banned work e Yahoo linkedin Project transactional security Deal Google library Adobe MiniBook Networks outsourcing scareware holidays books Mars fraud OS games ROFL Pirate Windows Phone 7 Series Trousers Jesus Phone black hat search teleworking Madness services Press broadband science Web Development GSM man-in-the-middle Architecture CAPTCHA Intel Data Centre Blog Enterprise IBM storage Europe Supercomputer staffing Beta ISP e-commerce scan VM banking worm MSNBC biometrics iPhone 3GS Music management McKinnon Internet news Software Eee BSI students information remote Business digitise Vista green Licensing dumb fun Kill Switch Programming economy Eee PC surveys trust productivity Mafia support hoax fake size monetisation copyright Top 10 Game Steve Ballmer Video Texting spam family adware The Federation payment server tax Media Harry Potter mail Windows 7 Dell web 2.0 Mobile Phones Facebook Election China hacking Army Energy global Jobs technology survey Kaspersky malware Study stupidity IT Ballmer rootkits social networking Russia xmas Browsers Apple OCR EU meme snooping memory Battery Cisco VeriSign second life Kin gaming hardware iPod Psion Trojan world of warcraft documentation MessageLabs law Funny patent Gartner InfoSec Recall Hack standards Rumour Marketing IDC payments credit crunch credit card fraud Opinion Microchip sick hubdub Noro AMD graphics School President Parenting Porn recession data Education admin gadgets Geeks development cloud Amazon virus avatar Addiction computer Firefox Lotus wifi Blogging Advertising printing Nintendo App Store Tesco Psychic DNS terrorism console workplace Children Windows MSN Patents football SSL network Zango earth hour data protection Flash NBC BOFH Finjan Texas Instruments exploit poll iPhone 3G computing spending code ISPA tech FBI hypervisor innovation hacker web Spotify ID Theft SMS Gadget Voice Michael Jackson computers Netbook IP banks patch management encryption Twitter debian Performance computing worker Military scam campaign Silverlight security virtual world policy stupid politics Employment Kindle smartphone disclosure ecommerce App lawsuit Backlash Health carbon copy iPhone desktop fool help USA betting VPN service Death
Advertisement

   
Archives

   
Most commented posts

   
Highest Rated Blog Posts

Advertisement