First iPhone Worm Found: Australian Jailbreakers Targeted
9:39 am, November 9th, 2009, Ed Sutherland
Credit: William Hook/Flickr
The first worm aimed at the iPhone has appeared. The worm is described as mostly innocuous, initially targeting unsecure jailbroken iPhones in Austrialia.
The worm’s creator, a hacker identified as “ikex” switches your wallpaper for an image of Rick Astley, a 1980-era pop star. Astley, who sang the 1987 hit “Never Gonna Give You Up,” may be better known for the Internet prank known as “Rickrolling.” The bait-and-switch replaces an ordinary video with one of Astley.
In the iPhone’s case, the hacker displays “ikex is never gonna give you up,” followed by comment’s in the worm’s source code urging people to upgrade their phone’s security.
“The world’s first iPhone worm is hardly a true criminal exploit,” according to Forbes. “Instead, it seems to be half warning, half prank.” In the source code, the hacker wrote: “People are stupid, and this is to prove it so.” The worm affects only iPhones using the default SSH password allowing phone-to-phone file transfers.
Although this version was deemed harmless, such may not be the case for variants produced from the released source code. “They might have a nastier payload than just changing your wallpaper or might try password-cracking to gain access to devices where the default password has been changed,said Mike Hyponen, a researcher with F-Secure.
This summer another iPhone exploit was discovered by security researcher Charlie Miller which used the handset’s ability to send binary code via SMS, potentially turning the Apple devices into a gateway for access to the phone’s camera, dialer, messaging and Safari.
This latest security report comes just days after news that Apple is seeking a new security head for the iPhone platform. The Cupertino, Calif. company posted ads on its Web site looking for “a very technical and hands-on leader, someone with a passion for understanding security exploits and coming up with innovative methods to create secure platforms.”
[Via Forbes and AppleInsider]
Posted by Ed Sutherland in News | Comment on this article
Maybe it’s time for a new term: dupeware. That’s these programs that require a cooperative idiot to intentionally install software that sabotages their own computer. It seems a lot of these dupeware authors have figured out a lot these “geniuses” who want to display their savvy by buying new Apples are really just idiot poseurs (whoda thunk?).
Or maybe it should be “geniusware,” to better reflect those pinheads who install jailbreaks so they can have an extra hour of talk time and brick their $500 phones.
imajoebob, on November 9th, 2009 at 12:05 pm
Is it really an exploit if it requires you to do something that is not recommended by the manufacturer (jailbreaking)? I don’t know, maybe it’s just me, but all these Apple “exploits” require you to do something stupid or somewhat illegal (jailbreaking) so isn’t it the users own fault if something bad happens to their phone/computer?
Bobby, on November 9th, 2009 at 3:18 pm
You’re both wrong.
The fact of the jailbreak itself doesn’t have anything to do with the exploit. All the exploit did was take advantage of the fact that many of the people doing the jailbreak wouldn’t bother to change the default ssh password when they were finished. It’s all about the password.
Blaming it on the jailbreaking process is like is someone setting up a home network without changing the manufacturer password from “password” or “admin” and blaming the fact that the network isn’t secure on the wifi protocol.
Here in Atlanta substituting a Comcast 2Go Metro plan for AT&Ts substandard service and even crappier customer service means unlimited 4G internet which can be used for anything -calls, text, instant messaging, web surfing, streaming, downloads, anything- PLUS 12Mbps home service for $50 month.
To duplicate the same unlimited service on an ATT plan at slower 3G speeds would cost $150 a month. Over a 24 month contract that’s a savings of $2,400 even before you factor in the home service.
If you subtracted the $20 a month Comcast charges per month for 12Mbps home service or the laughable $43 AT&T charges for half that speed the savings are even more substantial. $720 & 168 respectively vs. $3,600.
Who’s the dupe?
Daniel, on November 9th, 2009 at 7:43 pm
Jailbreaking is forbidden in three different religions.. Hence, doing so is a blasphemous act..
I don’t know if it’s really considered an exploit if you willingly jail break your phone.. I mean, jailbreaking comes with it’s own pros and cons, so complaining about an exploit would just raise a question.. “Still want to Jailbreak?”
As much as i want to, i don’t think I will.. I’m happy with Apple’s way of the highway, so far, and nothing made me change lanes.. I do miss the connectivity of Bluetooth and the ability to exchange pictures with the CrackBerry users, but I guess the Internet Cloud is filling up those gaps..
Anony, on November 10th, 2009 at 3:03 am
does anyone know the theme to that jailbroken iphone up there? hehe
hrag, on November 10th, 2009 at 8:25 am
@ Daniel – You make a good argument for jailbreaking your iPhone but it doesn’t change the premise of my argument: The user has to be stupid to be exploited using an apple product.
Bobby, on November 11th, 2009 at 11:33 pm