ikee Worm Rickrolls Jailbroken iPhones

November 9th, 2009 at 8:49 AM - News by Jeff Gamet

Owners of jailbroken iPhones in Australia are getting a bit of a surprise thanks to hackers that released a worm that "Rickrolls" them by installing a new wallpaper with Rick Astley's face. Only iPhone owners that hacked their iPhone to install unauthorized third-party apps and also failed to change their default password after installing SSH are affected, according to the security research firm Sophos.

The worm works by trying to find other jailbroken iPhones on the same cell phone network. If the jailbroken iPhones are still set with their default SSH password, the worm installs itself and changes the wallpaper to a photo of 80's singer Rick Astley and the text "ikee is never going to give you up."

ikee Image Courtesy of Sophos

The words and photo are a play on the online joke known as "Rickrolling," where someone is tricked into clicking a link that shows a video or Mr. Astley singing "Never Gonna Give You Up."

It appears that at least four variants of the worm have been written so far, and they don't do anything other than install the Rick Astley wallpaper. Since all four variants are available in the wild, however, there is the possibility that someone could add a more malicious payload to the code.

"Other inquisitive hackers may also be tempted to experiment once they read about the world's first iPhone worm. Furthermore, a more malicious hacker could take the code written by ikee and adapt it to have a more sinister payload," said Sophos's Graham Cluley.

This marks the second incident where someone took advantage of the default SSH password on jailbroken iPhones. Last week jailbroken iPhone owners in the Netherlands started seeing a message appear on their screens from a hacker wanting €5. That hack appeared to work like the new ikee hack, too.

These hacks work only on jailbroken iPhones, so unmodified iPhones won't be affected. Users that do jailbreak their iPhones should change the default SSH password to avoid the worm, too.

Since many iPhone owners don't understand the potential security risks involved with jailbreaking, however, there will likely be a large base of phones for hackers to target. "My prediction is that we may see more attacks like this in the future," Mr Cluley said.

7 Observer Comments

Jeff Gamet said on November 9th, 2009 at 9:32 AM:

With sample code available on the Internet, it’s pretty likely that there’ll be plenty copy cat hackers that try their hand at modifying the ikee worm. If you don’t understand what jailbreaking is, aren’t familiar with SSH, and don’t feel comfortable with the Unix command line, it’s a good idea to stick with apps that are available at Apple’s App Store and leave the unauthorized apps that require jailbreaking to someone else.

Tiger said on November 9th, 2009 at 10:53 AM:

A worm with a sense of humor. A sick one, but still. I chuckle a bit.

mactoid said on November 9th, 2009 at 11:15 AM:

The next idiot who goes on a rant about the “injustice” of the Apple application approval process needs the image of Rick Astley tattooed on his/her forehead!

geoduck said on November 9th, 2009 at 11:44 AM:

I am so ambivalent on this one

Worms are bad.
This one really does not damage the system.
Worms are bad.
People did leave themselves open to this sort of thing by jailbreaking.
Worms are bad.
It does have a sick humor about it.
Worms are bad.
This is a good warning to users without real harm.

Maybe it will finally show those people who STILL think jailbreaking is a good thing that it’s not such a great idea after all (yes I’m talking to you Mr. Landau).

Ted Landau said on November 9th, 2009 at 8:00 PM:

aybe it will finally show those people who STILL think jailbreaking is a good thing that it’s not such a great idea after all (yes I’m talking to you Mr. Landau).

Bear in mind that jailbreaking alone doesn’t make you vulnerable to the worm (you have to separately enable SSH as well - and then leave the default password in place).

More to the point, to say that this negates the value of jailbreaking is like saying that, because Apple has to release Security Updates for Mac OS X, Macs are “not such a great idea after all.”

geoduck said on November 9th, 2009 at 8:07 PM:

There are a lot of things I do with systems and servers that are not a good idea for the average user. I know what I’m doing. I would put Jailbreaking in the same class. If you know the risks and know what you are doing and know the precautions you need to take then it’s cool. In this case if one has Jailbreaked (Jailbroken? What would the past tense of Jailbreak be in this case I wonder) your iPhone and activated SSH you likely are a few rungs above the average user.

No offense intended. It was mostly a snarky comment for amusement sake.

computerbandgeek said on November 9th, 2009 at 10:14 PM:

to say that this negates the value of jailbreaking is like saying that, because Apple has to release Security Updates for Mac OS X, Macs are “not such a great idea after all.”

Spot-on. A default jailbreak is not susceptible to this, and when you enable SSH you are warned that you should change your password, and even given step-by-step instructions.

The equivalent on a mac would be if every single computer came with the default password “alpine”. Guess what root password every virus in the world would try first in order to compromise a system?

Page 1 of 1 pages

Commenting is not available in this section entry.

Recent Headlines - Updated February 10th

Wed, 8:00 AM: Analysis - Love It or Leave It: Extremist Views on iPad Obscure the Important Points
7:30 AM: TMO Appearances - Ted Landau Shares Troubleshooting Tips at Macworld Expo
Tue, 9:09 PM: Games - Gameloft’s GT Racing Motor Academy Arrives at App Store
6:27 PM: iPad - Apple Job Posting Hints at a Camera in Future iPads
6:22 PM: Product News - Apple Releases Digital Camera RAW Compatibility Update 3.0
6:18 PM: Product News - Apple Updates iLife ‘09 with Aperture 3 Support, Slideshow Performance
4:53 PM: News - Google Introduces “Buzz” Social Information Sharing Service
4:19 PM: Just a Thought - iPad: A Reason For Being
3:28 PM: News - Google Lowers Nexus One “Equipment Recovery Fee” to $150
2:27 PM: Deal Brothers - Refurbished 13” MacBook 2.13GHz Intel Core 2 Duo: $749
1:31 PM: Jeff Gamet's Blog - Macworld Expo: It’s Our Show, Not Apple’s
10:38 AM: Quick Look Review - Texas Tea for the iPhone and iPod touch

The Mac Observer Reader Specials

TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
RamJet Memory: Mac Pro 8GB Kit $275.99, Mac Pro 4GB Kits $145.99! Sale on MacBook and MacBook Pro 8GB kits $459.99! MacBook, MacBook Pro, iMac Mac mini 4GB Kits for $113.99! 1TB SATA Hard Drives for $109.99! Click here
If you own a car, you need CarMD! Catch problems, estimate repairs and more. Now for Mac. $98.99 at www.CarMD.com Save $10 with code TMO1.
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!
For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.