Skip to navigation
   
Davey Winder's Blog
RSS

Warning: iPhone worm starts RickRolling

By Davey Winder in Editorial

Posted in Blog, Mobile Phones, Security, Apple on November 8, 2009 at 10:52 pm

Permalink | Author Profile

It was inevitable that the iPhone would eventually fall victim to the bad guys, and that inevitability has been realised as users of Jailbroken iPhones are starting to report being infected with an iRickRolling worm.

The ‘ikee’ worm was first spotted over the weekend in Australia, with users posting to online forums that their Jailbroken 3GS iPhones had changed from the default wallpaper to pictures of 80’s pop singer Rick Astley, he of ‘Never Gonna give You Up’ fame and the very same man who was the focus of the RickRolling Internet meme that started in 2007 and spread like wildfire during 2008.

One iPhone user reported that the wallpaper was actually accompanied by the text: “ikee is never going to give you up”.

Although there are, as of yet, no confirmed reports of the worm spreading outside of Australia, security researchers are sure it is perfectly capable of spreading to any Jailbroken iPhone as long as the default password has not been changed after installing SSH to the device.

Graham Cluley of Sophos says “Once in place, the worm appears to attempt to find other iPhones on the mobile phone network that are similarly vulnerable, and installs itself again”.

Unfortunately, analysis by researchers at Sophos Labs would suggest that there at least four variants of the worm code so far, the latest looking to hide behind a filepath which might suggest it is connected to the Cydia application.

Nothing about the worm suggests it has been written with malice in mind, and comments in the worm code itself tend to support this, and the whole Rick Astley thing is annoying rather than malicious. However, it must not be forgotten that this worm is accessing a device without permission and changing data upon it without permission, and breaking the law in many countries as a result.

It should also not be forgotten that as code variants continue to appear it is only a matter of time, and probably not that much of it, before a malicious party uses it to deliver a payload that is a whole lot more troublesome than Rick Astley.

There is no danger to iPhone users who have not Jailbroken their devices, nor to those who have changed the password from the SSH default of Alpine.

12345
Rated: 73.33% (3 votes)
Loading ... Loading ...

Previous Post | Next Post

 
 
Comments

Pingback by IT PRO: Blogs: Davey Winder: Is business ready for the iPhone? - March 28, 2010 on 12:42 pm

[…] continuing use of iPhones (and other smartphone devices) within the enterprise could quickly see iPhone security become a stellar security problem. Not yet rated  Loading […]

Make a comment

* required

* required

We stop spam using reCaptcha.
Type the words below and click Submit Comment.

   
Tag cloud

Software payments Gadget support data protection Digg remote working Noro nightmare Networks services computer Business Obama survey Browser Sex OS Energy Johnny Depp prison avatar scam virtual world Jesus Phone report holidays Application museum Patents statistics Psychic Enterprise Paris Hilton RAM Funny VM Architecture Madness Voice second life HPC Retail Vista DNS Microsoft IT Media FBI MiniBook Recall code Firefox SSL remote Steve Ballmer Netbook web Microchip gaming poll Dell open source patch management email information shopping hardware acquisition App Press VeriSign Cisco hubdub outsourcing payment server PS3 documentation games standards recession Opinion ecommerce Developers Russia work policy scan banks ISP School Intel Analysis malware sick Psion development NBC iPad christmas productivity Parenting Web Development Android Internet Explorer Eee PC MessageLabs Health Palm Rant money web 2.0 fake scareware phishing Acer science Steve Jobs BSI Military Addiction Ballmer Windows Scotland Meh Porn social networking Texting Supercomputer Windows 7 eBook linkedin terrorism Trousers data HP snooping e-commerce Data Centre Google Apps OCR Backlash fun RATM YouTube monetisation desktop dumb Texas Instruments Lotus green IDC AMD Children App Store digitise Silverlight worker Google Earth Browsers Finjan archiving credit card fraud Advertising tech spending e computing Kill Switch Tesco Battery patent memory console banking Education migration Review Conference Guardian service Employment surveys office trust Twitter Death wifi Licensing Music chips rootkits credit crunch Olympics Notebooks gadgets lawsuit Government xmas Mobile Phone search exploit broadband Research Big Brother ROFL Adobe Kin China Project McKinnon privacy MSNBC debian virtual machine Rumour transactional security IP mobile hacker Nexus Harry Potter symantec world of warcraft Space Study books hoax Mafia Trojan mail hypervisor Spotify earth hour Election Kaspersky network innovation Hack Marketing theft Deal Game tax ISPA GMail millions iPhone 3GS Gartner economy spam Michael Jackson home virtualisation Kindle IBM Apple virus compromise stupidity Nintendo copyright Digital Footprint stupid MSN adware Blogging fraud betting Linux workplace Amazon Video Geeks Eee Bill Gates carbon copy biometrics man-in-the-middle Banned Facebook computers printing students President Experiment Internet graphics Top 10 news law economics GSM black hat VPN encryption staffing worm CAPTCHA EU Yahoo meme library crime Performance computing BOFH family Programming storage ID Theft Europe Blog teleworking Mobile Phones iPhone 3G Jobs technology global XP Sony management campaign USA ASUS Mars Zango help cloud NASA Army InfoSec SMS football environment universe fool politics botnet security disclosure iPhone admin hacking Top 500 parental control Flash Beta The Federation smartphone size iPod Windows Phone 7 Series Gateway Pirate Palm Pre
Advertisement

   
Archives

   
Most commented posts

   
Highest Rated Blog Posts

Advertisement