Security Response

Ikee Worm Rickrolls Jailbroken iPhones

Created: 09 Nov 2009 19:06:16 GMT • Updated: 23 Jan 2014 18:31:28 GMT
Symantec Security Response

On the heels of a similar iPhone attack by a Dutch teenager, an Australian hacker (using the same technique) has written the first iPhone worm for jailbroken iPhones. The worm has been dubbed “Ikee” and uses the default SSH password of jailbroken iPhones to log in and spread. Please note that this worm does not impact iPhones that have not been jailbroken.

Many users who have jailbroken their iPhones in order to customize them have not changed their SSH password, allowing others to log in to their phone. In the case of Ikee, the worm scans random IP ranges and also specifically targets the IP ranges of Optus, Vodafone, and Telstra, which are the common telephony providers in Australia. Once a vulnerable iPhone is found, the worm changes the wallpaper to a picture of Rick Astley (a prank known as Rickrolling), deletes the SSH daemon, and begins scanning the network for other vulnerable phones. Note that some of these telephony networks use NAT (network address translation), so iPhones on them may not actually be reachable by Ikee's scans.

Unfortunately, the first variant of the worm also had a slight bug. This bug can cause the background of an infected user’s iPhone to be picked up and sent to new infections, instead of the picture of Rick Astley. Later variants of the worm corrected this problem.

Jailbreaking your iPhone obviously has risks, which we’ve discussed previously. If you do decide to customize your iPhone, be sure to change your SSH password afterwards and understand that you run a greater risk of infection.