Results 1 to 9 of 9

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: [ALERT] First iPhone worm discovered - ikee changes wallpaper to Rick Astley photo

  1. #1
    Livin the iPhone Life eddietah's Avatar
    Join Date
    Apr 2010
    Location
    ````
    Posts
    1,298
    Thanks
    615
    Thanked 319 Times in 222 Posts

    Thumbs down [ALERT] First iPhone worm discovered - ikee changes wallpaper to Rick Astley photo
    First iPhone worm discovered - ikee changes wallpaper to Rick Astley photo

    Apple iPhone owners in Australia have reported that their smartphones have been infected by a worm that has changed their wallpaper to an image of 1980s pop crooner Rick Astley.

    The worm, which could have spread to other countries although we have no confirmed reports outside Australia, is capable of breaking into jailbroken iPhones if their owners have not changed the default password after installing SSH. Once in place, the worm appears to attempt to find other iPhones on the mobile phone network that are similarly vulnerable, and installs itself again

    On each installation, the worm - written by a hacker calling themselves "ikex" - changes the lock background wallpaper to an image of Rick Astley with the message:

    ikee is never going to give you up



    What's clear is that if you have jailbroken your iPhone or iPod Touch, and installed SSH, then you must always change your root user password to something different than the default, "alpine". In fact, it would be a good idea if you didn't use a dictionary word at all.

    The worm will not affect users who have not jailbroken their iPhones or who have not installed SSH.



    SophosLabs is analysing the worm's code, which suggests that at least four variants have been written so far. One of the attributes of the latest variant (labelled the "D" version) is that it tries to hide its presence by using a filepath suggestive of the Cydia application.

    The source code is littered with comments from the author suggesting the worm has been written as an experiment. One of the comments berates affected users for not following instructions when installing SSH, because if they had changed the default password the worm would not have been able to infect them.



    Presently it appears that the worm does nothing more malicious than spread and change the infected user's lock screen wallpaper. However, that doesn't mean that attacks like this can be considered harmless.

    Accessing someone else's computing device and changing their data without permission is an offence in many countries - and just as with graffiti there is a cost involved in cleaning-up affected iPhones.

    Other inquisitive hackers may also be tempted to experiment once they read about the world's first iPhone worm. Furthermore, a more malicious hacker could take the code written by ikee and adapt it to have a more sinister payload.

    iPhone users may rush into jailbreaking their iPhones in order to add functionality that Apple may have denied to them, but if they do so carelessly they may also risk their iPhone becoming the target of a hacker.

    My prediction is that we may see more attacks like this in the future. Indeed, only last week we saw hacked iPhones in the Netherlands being held hostage for 5 Euros.

    Who wrote the ikee iPhone worm?

    The source code of the worm says at its start:

    / "ikee virus" by ikex
    / Revision: 10 (Variant D)

    A quick trawl of the Whirlpool forum where users are reporting that their iPhones are unexpectedly displaying an image of Rick Astley, reveals a user calling themselves "ike_x".

    According to ike_x's user profile on the Whirlpool forum his nearest city is Sydney, Australia . Further searching on the internet reveals other pages seemingly related to ike_x of Wollongong, New South Wales, using the name "Ash" or "Ashley Towns". For instance, here is a MySpace page and this appears to be Ash/ikex on Twitter.

    The worm's author appears to have realised that people might be interested to learn why he wrote the worm, and posted this explanation inside the code:

    Why?: Boredom, because i found it so stupid the fact that on my initial scan of my 3G optus range i found 27 hosts running SSH daemons, i could access 26 of them with root:alpine. Doesn't anyone RTFM anymore?

    There is a certain irony in the notion that a hacker who says he was trying to expose sloppy security by the owners of jailbroken iPhones has done such a bad job of covering his own tracks..

    Source of image of affected iPhone: Batman from the Whirlpool forums.

    Read More
    Click Here

  2. The Following User Says Thank You to eddietah For This Useful Post:

    Bluemoldycheeze88 (2010-08-08)

  3. #2
    My iPhone is a Part of Me Trooper Sam's Avatar
    Join Date
    Jul 2010
    Location
    Somewhere in California
    Posts
    503
    Thanks
    51
    Thanked 78 Times in 62 Posts

    Isn't this news from last year? I remember this Rick Roll attack, and learned to change my SSH password from the reports.

  4. #3
    Livin the iPhone Life Bluemoldycheeze88's Avatar
    Join Date
    May 2010
    Location
    Ventura, California, United States
    Posts
    594
    Thanks
    33
    Thanked 27 Times in 26 Posts

    I hate that rick roll fucker..

  5. #4
    Livin the iPhone Life CaptainChaos's Avatar
    Join Date
    Sep 2008
    Location
    In a van down by the river
    Posts
    4,824
    Thanks
    553
    Thanked 515 Times in 427 Posts

    Lol a blast from the past!

  6. #5

  7. #6
    At least it doesn't change your ringtone.

  8. #7
    My iPhone is a Part of Me Trooper Sam's Avatar
    Join Date
    Jul 2010
    Location
    Somewhere in California
    Posts
    503
    Thanks
    51
    Thanked 78 Times in 62 Posts

    Quote Originally Posted by Songbird View Post
    At least it doesn't change your ringtone.
    Are you kidding? That's the one thing that would put this attack over the top!

  9. #8
    Livin the iPhone Life eddietah's Avatar
    Join Date
    Apr 2010
    Location
    ````
    Posts
    1,298
    Thanks
    615
    Thanked 319 Times in 222 Posts

    I know this is quite an old news but I heard it's coming back again. So thought of posting here to warn all bros

  10. #9
    My iPhone is a Part of Me
    Join Date
    Feb 2010
    Location
    Austin, Tx
    Posts
    812
    Thanks
    60
    Thanked 34 Times in 32 Posts

    So, is the ssh change that Rock does sufficient?

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •