iPhone owners in Australia awoke this weekend to find their devices targeted by self-replicating attacks that display an image of 1980s heart throb Rick Astley that's not easily removed.
The attacks, which researchers say are the world's first iPhone worm in the wild, target jailbroken iPhones that have SSH software installed and keep Apple's default root password of "alpine.":
http://www.sophos.com/blogs/gc/g/2009/11/08/iphone-worm-discovered-wallpaper-rick-astley-photo/ In addition to showing a well-coiffed picture of Astley, the new wallpaper displays the message "ikee is never going to give you up," a play on Astley's saccharine addled 1987 hit "Never Gonna Give You Up.":
Rick Astley - Never Gonna Give You Up (1987)Tricking victims in to inadvertently playing the song has become a popular prank known as Rickrolling.
A review of some of the source code, shows that the malware, once installed, searches the mobile phone network for other vulnerable iPhones and when it finds one, copies itself to them using the the default password and SSH, a Unix application also known as secure shell:
http://code.google.com/p/ikee-virus/source/browse/#svn/trunk People posting to this thread on Australian discussion forum Whirlpool first reported being hit on Friday:
http://forums.whirlpool.net.au/forum-replies.cfm?t=1315624"I foolishly had forgot to change my root and user password last time i had jailbroke my phone," wrote one forum participant. In addition to his own iPhone being attacked, he said a flatmate's iPhone 3G was also sullied with the image of Astley. Users who tried to delete the image were chagrined to find it reappear once they rebooted their device.
The attack is a wakeup call for anyone who takes the time to jailbreak an iPhone. While the hack greatly expands the capabilities of the Apple smartphone, it can also make it more vulnerable. Programs such as OpenSSH, which can only be installed after iPhones have undergone the procedure, can be extremely useful, but if owners haven't bothered to change their root password, the programs also represent a gaping hole waiting to be exploited.
Indeed, a hacker going by the moniker ikee and claiming to be responsible for the worm said here that he wrote the program to bring awareness to the widely followed practice of failing to change the iPhone's password:
http://blog.jeltel.com.au/2009/11/interview-with-ikee-iphone-virus.html"I was quite amazed by the number of people who didn't RTFM and change their default passwords," the unidentified worm writer said. "I admit I probably pissed of [sic] a few people, but it was all in good fun (well ok for me anyway)."
Ikee said the worm disables the SSH daemon so it can't be targeted further.
So far, there are no reports of people outside of Australia getting infected. And the attack appears to do nothing more than Rickroll victims with the Astley wallpaper. But because the writer released source code for four separate variants, it wouldn't be surprising for copycats in other regions to appropriate the attack code and potentially imbue it with more malicious payloads.
Instructions for changing the iPhone's root password are here:
http://cydia.saurik.com/password.html(Register)