• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Aussie Worm Rickrolls Jailbroken iPhones


    A programmer in Australia has created a worm that changes the lockscreen of infected phones to a picture of 80s singer Rick Astley. Like the recent Dutch "hack" that replaced users' wallpaper with a demand for money, this worm accesses jailbroken iPhones that are running OpenSSH and are still using the default root password.

    The worm was written by someone who goes by the name of ikee. It works by scanning the IP range of the 3G network the phone is on, then the address ranges of carriers Optus, Vodafone and Telstra, until it finds a running SSH service. The worm then replaces the lockscreen with an image of Rick Astley along with the words "ikee is never going to give you up," deletes the SSH daemon, and begins scanning for another vulnerable phone. ikee noted that his own phone had infected more than a hundred other phones, and there have been suggestions, as yet unconfirmed, that the worm may have spread beyond Australia.

    A blogger posted the transcript of an IRC chat with ikee, in which he explained that he wrote the worm because he "was curious to how far something like this would actually spread." He says that it "was all in good fun (well ok for me anyway)." The blogger also posted the source code of the virus.

    There's no real justification for hacking somebody's phone. It's to be hoped, though, that the increasing frequency of default-password "hacks" highlights the importance of changing your root password and not running ssh when it's not needed.

    image via JD's Thoughts on Everything
    This article was originally published in forum thread: Aussie Worm Rickrolls Jailbroken iPhones started by Paul Daniel Ash View original post
    Comments 87 Comments
    1. Ticko's Avatar
      Ticko -
      Quote Originally Posted by Rescuer View Post
      this is far better than rick rolling YouTube - Kitty Cat Dance
      i have to say greatest video on youtube right now !!!
    1. billchase2's Avatar
      billchase2 -
      Do that many people keep SSH on at all times? I keep mine off and only turn it on if I need to make changes. SSH seems to suck the battery dry if left on all the time.
    1. romeo_herman's Avatar
      romeo_herman -
      Quote Originally Posted by Jahooba View Post
      Thanks for posting how to change the password.

      But why are comments #11 and #12 different? Why does one say "su root" and the other one just "su"?

      (I followed #11 and it worked fine)
      You got it buddy!
    1. jadi929's Avatar
      jadi929 -
      i dont suppose this works on the iphone 2g?
    1. mbaharvard's Avatar
      mbaharvard -
      Quote Originally Posted by jadi929 View Post
      i dont suppose this works on the iphone 2g?
      Works on 'em all. I just SSH in with WinSCP and use Putty to change both the root and mobile passwords.

      When you are connected with WinSCP, just open Putty and it will first ask you a password - type in "alpine".

      Then type "passwd" then your chosen password twice.

      Then type "passwd mobile" and then, again, your chosen password twice. then "exit" to end the Putty session.

      Done.

      And, as has been mentioned, turn off SSH unless you need it - easiest via SBSettings from Big Boss.
    1. c.e.p's Avatar
      c.e.p -
      Yeah this happened to my brothers phone.

      Managed to convince him to finally jailbreak it, about 6 hours later i see this rick roll fella haha...
    1. splodger15's Avatar
      splodger15 -
      Quote Originally Posted by romeo_herman View Post
      the easy way to change the root password is
      install mobile terminal from Cydia
      after finish install press home button to go back to Home screen
      look for mobile terminal then open
      type "su" (without quote)press return
      then password "alpine" (without quote)press return
      now you are logging as root
      type "passwd" (without quote)press return
      type your new password/press return
      retype your new password/press return

      That's it

      after the instruction try to log in then enter password "alpine"
      the system will deny it.
      hope it help.If help please press thanks button.

      Finish change password you can uninstall mobile terminal on your phone.


      Good bye hackers....
      Thanks man
    1. CaptinPoopy's Avatar
      CaptinPoopy -
      "Never gonna give you up, never gonna let you down.. Never gonna turn around and hurt you"
    1. kugi_igi's Avatar
      kugi_igi -
      i think Apple is the one making this controversy
      remember they are now fully fighting against jailbreaking
      and this is one of it,damn it
    1. NegativeBeef's Avatar
      NegativeBeef -
      So is this type of stuff part of apple's plan to combat jailbreakers? lol there needs to be a sticky on this forum on how to change ssh password.
    1. WaLLy3K's Avatar
      WaLLy3K -
      It's not rickrolling if it doesn't install a mod to play a video on the lockscreen.
    1. KartRacer's Avatar
      KartRacer -
      I changed my mobile password too. Never know what else they could come up with. Yeah root has more access but still. Better safe than sorry.
    1. Benzerellie's Avatar
      Benzerellie -
      Quote Originally Posted by romeo_herman View Post
      the easy way to change the root password is
      install mobile terminal from Cydia
      after finish install press home button to go back to Home screen
      look for mobile terminal then open
      type "su" (without quote)press return
      then password "alpine" (without quote)press return
      now you are logging as root
      type "passwd" (without quote)press return
      type your new password/press return
      retype your new password/press return

      That's it

      after the instruction try to log in then enter password "alpine"
      the system will deny it.
      hope it help.If help please press thanks button.

      Finish change password you can uninstall mobile terminal on your phone.


      Good bye hackers....
      Thanks for the info on the root PW change, has any bought and used the IP Firewall in Cydia? Was think of using it...
    1. cuty_kamu's Avatar
      cuty_kamu -
      if i'm not jailbreaked how would i know my SSH is turned on?
      and if it is turn on how would i turn it off without jailbreaking my device?
    1. rwin84's Avatar
      rwin84 -
      Keep on truckin Rick Astley
    1. mnhollie's Avatar
      mnhollie -
      Quote Originally Posted by cuty_kamu View Post
      if i'm not jailbreaked how would i know my SSH is turned on?
      and if it is turn on how would i turn it off without jailbreaking my device?
      You can only SSH if you've jailbroken your ipod/iphone. No need to worry
    1. romeo_herman's Avatar
      romeo_herman -
      Quote Originally Posted by cuty_kamu View Post
      if i'm not jailbreaked how would i know my SSH is turned on?
      and if it is turn on how would i turn it off without jailbreaking my device?
      Just turn off your wifi, you are safe now...
    1. guidenes's Avatar
      guidenes -
      whoa, a close one!

      well i'm in three's network anyway,
      but i already did changed the password and making sure to off it whenever
      altho its not really hacking, but still its scary
      i mean if they choose a spooky joker picture instead of rickroll, it will scare the **** out of me
    1. hollow0's Avatar
      hollow0 -
      Quote Originally Posted by cuty_kamu View Post
      if i'm not jailbreaked how would i know my SSH is turned on?
      and if it is turn on how would i turn it off without jailbreaking my device?
      If you're not jailbroken then you don't have openSSH. So, you don't have to worry about it.

      Quote Originally Posted by romeo_herman View Post
      Just turn off your wifi, you are safe now...
      The phones were scanned through 3G so even if he was jailbroken and had turned his WiFi off he would be found through his 3G connection. Best way to protect yourself is to have SBSettings installed. It comes with an SSH on/off button!
    1. avnyc11's Avatar
      avnyc11 -
      changing your password f's up your phone, do not do it. if beyond fw 1.1.3