Rickrolling Aussie iPhone virus could turn nasty: Sophos

David Braue
9 November, 2009

iPhone users with jailbroken phones may be vulnerable to a root-level hack after discovery of the first in-the-wild virus for Apple’s iPhone, security vendor Sophos has warned.

Word about the Ikee virus spread quickly through the blogosphere, with reports indicating that the attack is a new form of ‘rickrolling’, the strangely popular practice of tricking people into watching 1990s pop singer Rick Astley’s video ‘Never Gonna Give You Up’.

Ikee exploits the SSH secure remote access application, which is installed on iPhones by default but normally disabled. Jailbroken iPhones, however, provide access to SSH – and provide a potential open door to the device unless the user has changed the system from its default Apple-set password, “alpine”.

By using this password to log into SSH, an invading application can gain root access to the iPhone and can modify any files it chooses.

At this point, Ikee changes the home screen on infected iPhones to show a picture of British singer Astley – making it more of a nuisance proof-of-concept than a malicious infection. Ikee also attempts to spread itself to one randomly chosen IP address, and appears to turn SSH off after it has finished.

The existence of Ikee was announced today by security vendor Sophos, whose Asia-Pacific head of technology Paul Ducklin is among those warning that the application is a harbinger of bad things to come. Noting that it targets IP address ranges specific to Australian mobile carriers Vodafone, Optus and Telstra, Ducklin said Ikee is likely to provide an attack vector for other, more malicious attacks – especially since its source code is freely available online.

His advice is simple: “If you have a jailbroken iPhone, change your SSH passwords now.”

An interview with Ikee’s creator – a 21-year-old developer said to be from Wollongong, NSW – is available here.
