Feeds

World's first iPhone worm Rickrolls angry fanbois

Hey, jailbreakers: ikee never gonna give you up

  • alert
  • submit to reddit

Internet Security Threat Report 2014

iPhone owners in Australia awoke this weekend to find their devices targeted by self-replicating attacks that display an image of 1980s heart throb Rick Astley that's not easily removed.

The attacks, which researchers say are the world's first iPhone worm in the wild, target jailbroken iPhones that have SSH software installed and keep Apple's default root password of "alpine." In addition to showing a well-coiffed picture of Astley, the new wallpaper displays the message "ikee is never going to give you up," a play on Astley's saccharine addled 1987 hit "Never Gonna Give You Up."

Tricking victims in to inadvertently playing the song has become a popular prank known as Rickrolling.

A review of some of the source code, shows that the malware, once installed, searches the mobile phone network for other vulnerable iPhones and when it finds one, copies itself to them using the the default password and SSH, a Unix application also known as secure shell. People posting to this thread on Australian discussion forum Whirlpool first reported being hit on Friday.

"I foolishly had forgot to change my root and user password last time i had jailbroke my phone," wrote one forum participant. In addition to his own iPhone being attacked, he said a flatmate's iPhone 3G was also sullied with the image of Astley. Users who tried to delete the image were chagrined to find it reappear once they rebooted their device.

The attack is a wakeup call for anyone who takes the time to jailbreak an iPhone. While the hack greatly expands the capabilities of the Apple smartphone, it can also make it more vulnerable. Programs such as OpenSSH, which can only be installed after iPhones have undergone the procedure, can be extremely useful, but if owners haven't bothered to change their root password, the programs also represent a gaping hole waiting to be exploited.

Indeed, a hacker going by the moniker ikee and claiming to be responsible for the worm said here that he wrote the program to bring awareness to the widely followed practice of failing to change the iPhone's password.

"I was quite amazed by the number of people who didn't RTFM and change their default passwords," the unidentified worm writer said. "I admit I probably pissed of [sic] a few people, but it was all in good fun (well ok for me anyway)."

Ikee said the worm disables the SSH daemon so it can't be targeted further.

So far, there are no reports of people outside of Australia getting infected. And the attack appears to do nothing more than Rickroll victims with the Astley wallpaper. But because the writer released source code for four separate variants, it wouldn't be surprising for copycats in other regions to appropriate the attack code and potentially imbue it with more malicious payloads.

Instructions for changing the iPhone's root password are here.

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.