Feeds

World's first iPhone worm Rickrolls angry fanbois

Hey, jailbreakers: ikee never gonna give you up

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

iPhone owners in Australia awoke this weekend to find their devices targeted by self-replicating attacks that display an image of 1980s heart throb Rick Astley that's not easily removed.

The attacks, which researchers say are the world's first iPhone worm in the wild, target jailbroken iPhones that have SSH software installed and keep Apple's default root password of "alpine." In addition to showing a well-coiffed picture of Astley, the new wallpaper displays the message "ikee is never going to give you up," a play on Astley's saccharine addled 1987 hit "Never Gonna Give You Up."

Tricking victims in to inadvertently playing the song has become a popular prank known as Rickrolling.

A review of some of the source code, shows that the malware, once installed, searches the mobile phone network for other vulnerable iPhones and when it finds one, copies itself to them using the the default password and SSH, a Unix application also known as secure shell. People posting to this thread on Australian discussion forum Whirlpool first reported being hit on Friday.

"I foolishly had forgot to change my root and user password last time i had jailbroke my phone," wrote one forum participant. In addition to his own iPhone being attacked, he said a flatmate's iPhone 3G was also sullied with the image of Astley. Users who tried to delete the image were chagrined to find it reappear once they rebooted their device.

The attack is a wakeup call for anyone who takes the time to jailbreak an iPhone. While the hack greatly expands the capabilities of the Apple smartphone, it can also make it more vulnerable. Programs such as OpenSSH, which can only be installed after iPhones have undergone the procedure, can be extremely useful, but if owners haven't bothered to change their root password, the programs also represent a gaping hole waiting to be exploited.

Indeed, a hacker going by the moniker ikee and claiming to be responsible for the worm said here that he wrote the program to bring awareness to the widely followed practice of failing to change the iPhone's password.

"I was quite amazed by the number of people who didn't RTFM and change their default passwords," the unidentified worm writer said. "I admit I probably pissed of [sic] a few people, but it was all in good fun (well ok for me anyway)."

Ikee said the worm disables the SSH daemon so it can't be targeted further.

So far, there are no reports of people outside of Australia getting infected. And the attack appears to do nothing more than Rickroll victims with the Astley wallpaper. But because the writer released source code for four separate variants, it wouldn't be surprising for copycats in other regions to appropriate the attack code and potentially imbue it with more malicious payloads.

Instructions for changing the iPhone's root password are here.

Remote control for virtualized desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.