Welcome | Sign In
TechNewsWorld.com
iPhone

New Worm Gives Jailbroken iPhones the Ol' Rickroll

Print Version
E-Mail Article
Reprints
New Worm Gives Jailbroken iPhones the Ol' Rickroll

By Richard Adhikari
MacNewsWorld
Part of the ECT News Network
11/10/09 4:00 AM PT

The Internet prank known as "Rickrolling" has made its way to iPhones in the form of a worm that infects jailbroken versions of the device. The worm is more annoying than harmful -- it even appears to lock the door behind it, preventing similar attacks from slipping in. However, security pros are concerned that a hacker with malicious intentions may exploit the vulnerability the worm highlights.


Although it apparently causes no actual harm besides a trivial annoyance, a worm that hits jailbroken iPhones has security researches worried.

The so-called Ikee worm was discovered by security researchers recently. It installs a picture of pop singer Rick Astley and displays the message "Ikee is never going to give you up" on victims' iPhones. The concept is based a widespread Internet prank known as "Rickrolling."

However, the worm prevents further reinfection by shutting down the vulnerability it exploited.

How the Worm Works

The Ikee worm exploits the SSH, or secure shell, protocol on jailbroken iPhones. SSH is a network protocol that lets two networked devices exchange data using a secure channel. It is primarily used on Linux- and Unix-based systems to access shell accounts.

"The problem is, iPhone users don't think of their devices as being Unix computers," Chester Wisniewski, a senior security adviser at security company Sophos, told MacNewsWorld. "But that's just what it is."

The worm searches for vulnerable iPhones by scanning a handful of IP ranges, most of which are in Australia, Mikko Hypponen, a researcher at security software vendor F-Secure, said on the company's Web site. It attacks jailbroken iPhones whose users have not changed their default root login password.

The worm will not affect iPhones that have not been jailbroken. "Apple has a locked system with whitelisting so this type of vulnerability will only affect jailbroken iPhones," Sean Sullivan, a security adviser at security vendor F-Secure, told MacNewsWorld.

The attack is a variation on a prank known as "Rickrolling." Originally, users in an online discussion were provided a link claiming to take them to a video relevant to the topic but which actually took them to the music video for the 1987 Rick Astley song "Never Gonna Give You Up" instead.

Opening Up Pandora's Box

Sophos identified the author of Ikee as 21-year-old Australian student Ashley Towns, according to senior researcher Graham Cluley's blog. Towns goes by the online handle of "ikex."

His phone had infected 100 others, and he had no idea how fast the worm is spreading, Towns reportedly told interviewers. There are four variants of the Ikee worm, and Towns has posted the full source code of all four existing on the Web. This could lead to a lot of trouble.

"The worm could be used for just about anything," warned Sophos's Wisniewski. "It could send spam, make phone calls, send SMS, or listen to your conversations, for example."

The iPhone's increasing penetration of corporate America may also be cause for concern, Sophos's Wisniewski warned. That's because most enterprises don't centrally manage their iPhones, as these often are purchased by users and then used in corporate business, he explained. "People treat their iPhones very much as a personal device, even if they're using them for corporate purposes," Wisniewski said. "One third of the people I know have jailbroken iPhones."

The Jailbreaking Danger

The Ikee worm may be at least the second exploit using SSH in which the hacker has warned victims that their iPhones are vulnerable. Last week, a Dutch hacker broke into jailbroken iPhones and displayed a message saying their devices were insecure and demanding a ransom of five Euros, according to Sophos.

The Dutch hacker also exploited the SSH vulnerability in jailbroken iPhones, F-Secure's Sullivan said.

Just about all owners of jailbroken iPhones are at risk. "Advanced users install SSH so they can log into their iPhones remotely, but if you install an iTunes App Store app on your iPhone that uses the password table you can also get infected," Jay Freeman, a consultant, told MacNewsWorld. Freeman, also known as "Saurik," is the founder of Cydia, which offers apps for jailbroken iPhones.

Users who have jailbroken their iPhone or iPod touch and installed SSH must change the root user password to something different than the default, which is "alpine," according to Sophos' Cluley.

Just a Tarnished White Knight?

About 75 percent of the hundreds respondents to an informal Web poll conducted by Cluley said Towns was actually doing iPhone users a favor by raising awareness of poor security. "I was shocked," Clulely told MacNewsWorld.

Still, those who approve of Towns' action may have a point. After Ikee infects a phone, it disables the SSH service, preventing reinfection. Towns criticized users for not reading their manuals when he posted the source code to his exploit on the Web.

On the other hand, the worm does suck up user bandwidth, and it is likely going to keep on spreading.

"Now the jailbroken iPhone has proved the concept, it might not be long before a zero-day vulnerability may show up on the iPhone," F-Secure's Sullivan said.

Print Version E-Mail Article Reprints More by Richard Adhikari

Talkback: Be the first to comment on this story.

More by Richard Adhikari

Anxieties Besiege FCC's Broadband Game Plan
March 17, 2010
The FCC has laid out some big goals for America's online future with its recently introduced national broadband plan, and those big goals may come complete with big price tags. Also causing anxiety among private enterprise is the degree of control the government will have to assume in order to put its plan into motion. 		What WinPho7 Won't Have
March 17, 2010
Windows Phone 7 Series is being positioned as a turnaround for Microsoft's mobile platform, which has seen stalled sales in the face of iPhone and Android. Buzz on WinPho7 has been generally positive, though it appears the platform will lack a few hot-button features: cut-and-paste, full multitasking and memory card support. 		Do You Believe in iPads?
March 17, 2010
Whether the iPad will boom or bust is a question hanging on the minds of many Apple investors these days, but the prevailing attitude seems to be one of optimism, judging by recent analyst guidance. Pre-orders also indicate healthy pent-up demand. There's much more to Apple than the iPad, though, and word is Cupertino may be looking at yet another record quarter.
Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]
Free eBook: Secure Your Datacenter
Click here to download today.
Shortcuts
> Get Business and Technology News Alerts
> Most Popular | Spotlight Features | Exclusives
> This Week on ECT News Network | Podcasts
> WiFi Hotspot Locator
> Inside TechNewsWorld
E-Commerce Times
MacNewsWorld
CRM Buyer
LinuxInsider
Today's TechNewsWorld Sponsors
Secure Your Datacenter
Mitigate risk and maximize the benefits of virtualization. Get the free eBook today.
Data Deposit Box Online Storage
Sign up for a 2 week free trial and start earning recurring revenue today.
ECT News Network Information
Reader Services
Corporate
ECT News Network
Terms of Service | Privacy Policy | How To Advertise
Copyright 1998-2010 ECT News Network, Inc. All Rights Reserved.