Monday 9 November 2009

Proof of the 1st IPHONE worm

First iPhone worm targets modified handsets


The first known computer worm written for Apple's iPhone is currently infecting iPhones in Australia, swapping out the device's background image with that of '80s singer Rick Astley.
The contagion, dubbed "Ikee," spreads only among iPhones that have been "jailbroken," a process that removes the device's software protection mechanisms and allows iPhone users to install applications that are not available through Apple's official App Store.
[Image: ikee.JPG]
Ikee spreads not through any vulnerability exactly, but by exploiting a feature that many users of jailbroken iPhones likely never took the time to understand or read about. Most of the software packages that users install in order to jailbreak their iPhones come with a service known as Secure Shell (SSH). This service allows the devices to be accessed remotely over the Internet with a special password. The trouble is that the most common jailbreaking software installs SSH using a default password. As a result, users who jailbroke their iPhone but never changed the default password are vulnerable to being "Rickrolled" by this worm, or worse.
Although Ikee is relatively harmless, experts say the payload in this attack could have been a great deal more dangerous and invasive. Also, while the current versions of Ikee only scan for victims on specific 3G wireless networks in Australia, future iterations may be reconfigured to attack jailbroken iPhones on networks in the United States and other countries.
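For a network defender, the spreading behaviour described above (one handset trying SSH on many addresses in a short time) appears in flow records as port-22 fan-out. The sketch below is an added example, not part of the original article and not derived from the worm's code; the record format, addresses, 60-second window and threshold of 5 are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def constructed_flows():
    """Constructed sample records 'ISO-time src dst dport' (not real traffic)."""
    t0 = datetime(2009, 11, 9, 10, 0, 0)
    lines = []
    for i in range(8):
        now = (t0 + timedelta(seconds=5 * i)).isoformat()
        lines.append(f"{now} 10.20.0.7 10.20.1.{i + 1} 22")    # one handset, many SSH targets
        lines.append(f"{now} 10.20.0.9 10.20.9.1 22")          # admin reusing one SSH server
        lines.append(f"{now} 10.20.0.11 10.20.2.{i + 1} 443")  # ordinary HTTPS browsing
    for i in range(6):                                         # slow SSH use, 10 min apart
        slow = (t0 + timedelta(minutes=10 * i)).isoformat()
        lines.append(f"{slow} 10.20.0.13 10.20.3.{i + 1} 22")
    return "\n".join(lines)

def parse_flows(text):
    """Yield (time, src, dst, dport) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def ssh_sweepers(flows, window=timedelta(seconds=60), threshold=5):
    """Map each source to its peak count of distinct port-22 destinations inside
    one sliding window, keeping only sources that reach the threshold."""
    recent = defaultdict(deque)   # src -> (time, dst) pairs still inside the window
    peaks = {}
    for ts, src, dst, dport in sorted(flows):
        if dport != 22:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # drop records older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            peaks[src] = max(peaks.get(src, 0), distinct)
    return peaks

if __name__ == "__main__":
    for src, n in ssh_sweepers(parse_flows(constructed_flows())).items():
        print(f"{src}: {n} distinct SSH destinations within 60s")
```

Counting distinct destinations rather than raw connections keeps an administrator who reconnects to one server, or a user who makes occasional SSH connections over a long period, out of the results.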
"The creator of the worm has released full source code of the four existing variants of this worm," wrote Mikko Hypponen, chief research officer at Finnish anti-virus firm F-Secure Corp (image above courtesy F-Secure). "This means that there will quickly be more variants, and they might have nastier payload than just changing your wallpaper or might try password cracking to gain access to devices where the default password has been changed."

F-Secure notes that Ikee disables the SSH service on infected iPhones, thereby preventing reinfection. The company has posted instructions for changing the default password on jailbroken iPhones, available here.
Graham Cluley, a senior technology consultant at security firm Sophos, said it probably won't be long until other iPhone worm writers jump on the bandwagon.
"My prediction is that we may see more attacks like this in the future," Cluley said, noting that just last week a Dutch hacker used the same iPhone feature to send alerts to affected users of jailbroken iPhones, offering instructions for securing the devices in exchange for a €5 payment to a PayPal account that the hacker controlled.
