iPhone Worm Hits Australia

First iPhone Worm Hits Australia

By: Brian Prince

2009-11-09

The first known worm for Apple's iPhone is spreading on jail-broken iPhones in Australia. The worm takes advantage of the default password for SSH used by many jail-broken phones and places an image of 1980s pop singer Rick Astley on the device.

The first known worm for the Apple iPhone is sweeping across Australia, and it is taking advantage of default SSH passwords on jail-broken phones.

The attack vector is the same as the one exploited by a Dutch teenager last week in a brief extortion attempt. This time around, the mind behind the attack isn't doing anything bad, unless you don't like having English pop singer Rick Astley as your wallpaper.

Once installed, the worm, known as ikee, tries to find other iPhones on the mobile phone network that are vulnerable so it can propagate. On each installation, the worm changes the lock background wallpaper to an image of the 1980s singer with the message: "ikee is never going to give you up."

"Ashley Towns, the author of the worm, says he personally infected 100 jail-broken iPhones," said Graham Cluley, senior technology consultant at Sophos. "Those iPhones would then have tried to infect other jail-broken iPhones, and so on, and so on."

The jail-broken iPhones impacted by the worm are running an SSH with the iPhone's default password. Last week, news reports surfaced that a Dutch attacker used the same situation in combination with port scanning and OS fingerprinting to find iPhones in T-Mobile's 3G IP range to install backdoors on the phones and scare users into paying €5 (US$7.43) for instructions on how to thwart the attack.

Security vendor F-Secure reported that the latest attack scans a handful of IP ranges, mostly in Australia. As of Sunday, the company had no confirmed reports of the worm outside of Australia. The company noted that there are four variants of the worm, and that Towns has provided full source code for the malware. That means more variants could be forthcoming, and both Cluley and F-Secure agreed the next payload could be worse.

"We can only hold our breath and hope it doesn't happen," Cluley said. "Unfortunately the genie is out of the bottle as the worm's code has been published on the Web. It would be relatively trivial for malicious hackers to adapt the code to make the worm more financially motivated rather than mischievous."

News

Superb.

Adrian C

To get infected you must

  1. jailbreak the phone
  2. use SSH
  3. not change the password

Michelle Steiner

Moral: Don't jail-break your iPhone :-).

Per Rønne

more accurately, install sshd and enable incoming connections.

you can use ssh (outbound) and not be at risk, and you don't even need to jailbreak to do that.

nospam

it's not jailbreaking that's the issue, it's ssh that is left open with a known password. either don't install ssh or change the password.

nospam

What could possibly be worse than putting a picture of Rick Astley on your phone, they haven't got a pic of Larry have they?!!

Mike

Mike

Nope, but there's another worm called "Larry" that does turn all your incoming messages into gibberish, lies, misinformation and nonsense. ;-)

Your Name

So one of these won't work then ...

(sorry)

Adrian C

I think that's infected the network at work.

Mike

Mike

Partly, jailbreaking /is/ the issue - but of course it is making things worse when ssh has been installed without changing the password ...

Per Rønne

jailbreaking is *not* the issue. a jailbroken phone is immune to this exploit if sshd is not installed, or if it is installed, by changing the default password. the problem is *ssh*.

nospam

On Tue, 10 Nov 2009, nospam posted:

Of course the problem is ssh and not jailbreaking.

Apple fanboys will pick any excuse to denounce jailbreaking, since jailbreaking defies Apple's walled garden and defying Apple is the Worst Sin for fanboys.

-- Mark --

is two wolves and a sheep deciding what to eat for lunch. Liberty is a well-armed sheep contesting the vote.

Mark Crispin

Of course, without jailbreaking, you can't install sshd.

Michelle Steiner

"Your Name" wrote in news:hdcg72$vma$ snipped-for-privacy@lust.ihug.co.nz:

It puts a big picture of a Nokia N900 on your screen....hee hee...(c;]

Larry

Exactly.

Per Rønne

BTW, jailbreaking leads up to other problems. Just look at this:

I quote:

= Please note: Jailbreak iPhones are not equipped to process in-app purchases. =

Per Rønne

From what you've linked, it sounds like in-app purchases in their particular app are problematic anyway. A quick Google search didn't find any references to in-app purchases being a common problem for jailbroken phones.

Jailbreaking probably causes some problems, but I'd suspect most stem from the particular "unapproved" apps jailbreakers choose to run.

Todd Allcock

that's false.

nospam

Then tell the Weather Pro developers.

Per Rønne
