Rick Astley Worm Takes Bite Out of Apple's iPhone

worm SSH protocol

The Ikee worm has only been able to infect iPhones that have been jailbroken by their owners, according to security developer F-Secure, meaning that users have removed iPhone's protection mechanisms in order to run additional software.

"Affected users will find that their iPhone wallpaper has been altered to a picture of Rick Astley (of Rickroll fame) and the message 'ikee is never going to give you up,'" F-Secure wrote on a company blog.

The worm targets jailbroken iPhones that have not changed their default root login password, according to F-Secure, based in Helsinki, Finland. Thus far, the worm has been comtained to users in Australia, the company said.

"It will search for vulnerable iPhones by scanning a handful of IP ranges — most of which are in Australia," wrote F-Secure on its blog.

id
unit-1659132512259
type
Sponsored post

After Ikee infects a phone, it disables the SSH service, preventing reinfection, the company said.

F-secure said the creator of the worm has released full source code for four variants of the worm.

"This means that there will quickly be more variants, and they might have nastier payload than just changing your wallpaper or might try password cracking to gain access to devices where the default password has been changed," wrote F-secure.

According to a blog by Graham Cluley, a senior technology consultant at security developer Cognos, the virus was written by a 21-year-old from Australia.

"If he did write and set loose this virus on the network, he probably ought to be worried, since breaking into other people's computers isn't acceptable - even if they have chosen (or, in this case, Apple has chosen on their behalf) an effectively useless password," says Paul Ducklin, Sophos's head of technology for Asia Pacific, in a statement on Cluley's blog.

Cluley wrote that the Ikee virus is not explicitly destructive and actually turns SSH off, protecting the iPhone against further attacks of this sort. He added that a Dutch hacker recently found a way to log into jailbroken iPhones via the known SSH password and ask for 5 Euros in exchange for instructions to secure your iPhone.

"If you have a jailbroken iPhone, change your SSH passwords now," urges Ducklin. "If you don't have a jailbroken iPhone, you probably also ought to change those passwords, since it makes no sense to have poor passwords pre-configured for any operating system service, whether it runs by default or not. Ironically, it seems that Apple don't want you to do that - just the sort of operational restriction which led to jailbreaking in the first place."