IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Rick Astley iPhone worm spreads into the wild

The iPhone suffers its first ever worm attack, and Rick Astley's involved.

Rick Astley bug on iPhone

The first iPhone worm has been created, which is now spreading in the wild.

So far confined to Australia, security firm Sophos said that the Ikee' worm spreads into jailbroken phones, changing the lock screen wallpaper to an image of pop star Rick Astley with the message "Ikee is never going to give you up."

The worm will break into a jailbroken iPhone if owners haven't changed the default password, which is alpine'. Once the worm is on an iPhone it will attempt to find others on the same network and install itself again.

"This isn't a proof of concept," said Sophos senior technology consultant Graham Cluley. "It has infected real people, who went on the internet to try and find out what to do."

The creator, 21-year old Ashley Towns from New South Wales, has admitted infecting 100 iPhones.

A message inside the worm says that he did it out of "boredom" and found it ridiculous that he was able to find that 26 out of 27 accessible iPhones were vulnerable due to having the default password.

"It looks as though it will be confined to Australia," Cluley said. "But someone could take the code and make it work in other countries as well. I think the bigger danger is if somebody takes the code for more malicious purposes. So it would be possible to take this code and maybe steal information."

He added: "You wouldn't change the wallpaper for instance, so you wouldn't know if you've been infected."

Cluley said that the source code was available on the internet. The worm's creator also said on Twitter that people were already asking for the code.

"If you do jailbreak your iPhone, you must make sure you do it securely and change your route password," added Cluley.

The expert said it was important to stress that if you haven't meddled with your iPhone in a low level way, then you should be safe.

Cluley said: "Maybe in the future, Apple should consider shipping the iPhone without a default password which everyone uses. Why should all iPhones all have the same one?"

He added that in the enterprise many people brought consumer technology like the iPhone in even if it wasn't officially authorised. He warned businesses that they needed to make them secure to prevent a worm like this spreading and taking company data from the devices.

IT PRO blogger Davey Winder has blogged about the worm here.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to incorporate password protection into your security strategy
Sponsored

How to incorporate password protection into your security strategy

3 Aug 2022
Should you take your password manager off the internet?
Sponsored

Should you take your password manager off the internet?

28 Jul 2022
The psychology of secure passwords
Sponsored

The psychology of secure passwords

14 Jul 2022

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
Electrical explosion reported at Google's Iowa data centre
data centres

Electrical explosion reported at Google's Iowa data centre

9 Aug 2022