New Worm Gives Jailbroken iPhones the Ol' Rickroll

Wednesday, November 18, 2009

Although it apparently causes no actual harm besides a trivial annoyance, a worm that hits jailbroken iPhones has security researchers worried.

The so-called Ikee worm was discovered by security researchers recently. It installs a picture of pop singer Rick Astley and displays the message "Ikee is never going to give you up" on victims' iPhones. The concept is based on a widespread Internet prank known as "Rickrolling."

However, the worm prevents further reinfection by shutting down the vulnerability it exploited.

How the Worm Works

The Ikee worm exploits the SSH, or secure shell, protocol on jailbroken iPhones. SSH is a network protocol that lets two networked devices exchange data using a secure channel. It is primarily used on Linux- and Unix-based systems to access shell accounts.

"The problem is, iPhone users don't think of their devices as being Unix computers," Chester Wisniewski, a senior security adviser at security company Sophos, told MacNewsWorld. "But that's just what it is."

The worm searches for vulnerable iPhones by scanning a handful of IP ranges, most of which are in Australia, Mikko Hypponen, a researcher at security software vendor F-Secure, said on the company's Web site. It attacks jailbroken iPhones whose users have not changed their default root login password.

The worm will not affect iPhones that have not been jailbroken. "Apple has a locked system with whitelisting so this type of vulnerability will only affect jailbroken iPhones," Sean Sullivan, a security adviser at security vendor F-Secure, told MacNewsWorld.

The attack is a variation on a prank known as "Rickrolling." Originally, users in an online discussion were provided a link claiming to take them to a video relevant to the topic but which actually took them to the music video for the 1987 Rick Astley song "Never Gonna Give You Up" instead.

Opening Up Pandora's Box

Sophos identified the author of Ikee as 21-year-old Australian student Ashley Towns, according to senior researcher Graham Cluley's blog. Towns goes by the online handle of "ikex."

His phone had infected 100 others, and he had no idea how fast the worm was spreading, Towns reportedly told interviewers. There are four variants of the Ikee worm, and Towns has posted the full source code of all four on the Web. This could lead to a lot of trouble.

"The worm could be used for just about anything," warned Sophos's Wisniewski. "It could send spam, make phone calls, send SMS, or listen to your conversations, for example."

The iPhone's increasing penetration of corporate America may also be cause for concern, Sophos's Wisniewski warned. That's because most enterprises don't centrally manage their iPhones, as these often are purchased by users and then used in corporate business, he explained. "People treat their iPhones very much as a personal device, even if they're using them for corporate purposes," Wisniewski said. "One third of the people I know have jailbroken iPhones."
