toggle

AAPL Stock: 519.01 ( + 1.05 )

Printed from http://www.macnn.com

First iPhone worm targets Australians

updated 09:55 am EST, Mon November 9, 2009

Only affects jailbroken devices

The first known iPhone worm has been observed in the wild, reports say. Called Ikee, the worm is considered relatively inoffensive, as it does not steal information or sabotage hardware or software. Instead the package merely changes a phone's wallpaper to a photo of singer Rick Astley before seeking out more points to infect.

The impact of the worm has also been limited to Australia so far, specifically jailbroken phones in the region running SSH while also using an iPhone's default root password. The conditions are similar to those which allowed a Dutch extortion scheme earlier this month; Ikee's author has come forward however, revealing himself as Ashley Towns, an unemployed programmer from Wollogong. "It was supposed to be a small prank I definitely wasn't expecting it to get as far as it did," he comments.

The aim was allegedly to persuade jailbreakers to change their root passwords, thereby making real threats much harder to execute. "A lot of people especially at first thanked me," says Towns. "I think most people are relieved its not out to destroy their phone. I have had a few people abuse me though." The code for the worm has already been published online, which may make it easier to counter.

Apple may use such incidents to support its position on jailbreaking, which it insists is not only a threat to a security but illegal under the DMCA. Critics charge that the locks on iPhone firmware are mainly designed to funnel users to the iTunes Store, where Apple receives royalties for music, movies and applications. Unofficial software markets nevertheless exist for jailbroken iPhones.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. climacs

    Joined: Dec 1969

    +2

    aieeeeee!!!

    Avert your eyes! It's Rick Astley!

  1. bleee

    Joined: Dec 1969

    +1

    Just sell legally unlocked phones.

    If Apple just sold legally unlocked phones like it does in Hong Kong, than this wouldn't be a problem. The problem is there are no options, I'm sure there are people who would gladly shell out the $650 to buy a legally unlocked phone so that they don't have to deal with jailbreaking.

  1. Gazoobee

    Joined: Dec 1969

    +7

    hmmm...

    I'm sure you get more page hits this way, but isn't it a bit misleading to *not* mention that this worm is only a threat to jail-broken phones in either the headline or the lead copy? You're just panicking people and revving things up when you make them click on your story only to find out it's not really an iPhone worm at all but a worm specifically for illegally hacked iPhones. Don't be part of the problem, try reporting things as they actually *are* and suffering a few less (panicky) page hits.

  1. dliup

    Joined: Dec 1969

    +5

    @blee

    It's not about unlocking. Plenty of people unlock their iPhone without installing openSSH.

    Besides, OpenSSH contains explicit info to change root password.

    So this is a problem ONLY for the noobs that can't follow simple directions.

  1. Marook

    Joined: Dec 1969

    -6

    Not a Worm!

    Simply logging in with a known password can hardly be called a 'worm'.. well, sure it tries to move on, but nothing has been hacked!
    It simply logs in, sets a desktop picture and moves on..

  1. mr100percent

    Joined: Dec 1969

    +2

    A small prank?

    A small prank does not start scanning IPs to infect more devices. If he thought it wouldn't get far based on such an effort, he is either a fool or realizing how big of a deal he got himself into

  1. testudo

    Joined: Dec 1969

    +2

    Re: Not a worm

    Wait, it connects to the phone, does it's thing, then tries to replicate elsewhere. If that isn't a worm, what is?

    And how does one go from "sets a desktop picture" to "nothing has been hacked". Um, the desktop picture has been hacked.

  1. WiseWeasel

    Joined: Dec 1969

    +5

    Vulnerability = OpenSSH + Default Root Password

    In order to be vulnerable, ALL of the following conditions need to be met:
    1) iPhone must be jailbroken,
    2) User must install OpenSSH from the Cydia (or other installer app) repository, and
    3) User must ignore the warning dialog they were presented when installing OpenSSH, instructing them to change the default root password.

    Most users who jailbreak do not install OpenSSH, and so are not vulnerable to this "exploit".

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Linksys EA6900 AC Router

As AC networking begins to makes its way into more and more devices you may find yourself considering an upgrade for your home network ...

D-Link DIR-510L 802.11AC travel router

Having Internet access in hotels and other similar locations used to be a miasma of connectivity issues. If Wi-Fi was available, it wa ...

Ooma Office small business VoIP

Voice over IP (VoIP) services have been around for a very long time. Only recently has the implementation become a bit more robust, al ...

toggle

Most Commented