Rickrolling worm infects jailbroken iPhones

Posted by Aharon Etengoff

A number of iPhones in Australia have reportedly been infected by a worm that replaces the background wallpaper with an image of 80's pop icon Rick Astley.

"The worm, which could have spread to other countries although we have no confirmed reports outside Australia, is capable of breaking into jailbroken iPhones if their owners have not changed the default password after installing SSH," explained Sophos security researcher Graham Cluley. "Once in place, the worm appears to attempt to find other iPhones on the mobile phone network that are similarly vulnerable and installs itself again."

Rickrolling worm infects jailbroken iPhones

The nefarious worm - which was written by a hacker named Ikex - also scrawls the phrase "Ikee is never going to give you up" over Astley's infamous visage.
?
"The worm will not affect users who have not jailbroken their iPhones or who have not installed SSH," said Cluley. "What's clear is that if you have jailbroken your iPhone or iPod Touch, and installed SSH, then you must always change your root user password to something different than the default 'alpine.'"

According to Cluley, an analysis of the worm's code indicates the presence of at least four variants - with one version attempting to mask its presence by hiding in a filepath similar to the Cydia application.  

Rickrolling worm code analyzed by Sophos
?
"The source code is littered with comments from the author suggesting the worm has been written as an experiment. One of the comments berates affected users for not following instructions when installing SSH, because if they had changed the default password the worm would not have been able to infect them," added Cluley.

It should be noted that Ikex has been tentatively identified as 21 year-old Ashley Towns from Wollongong, Australia.

See Also

Apple plans iPhone lockdown
Hacker jailbreaks iPhone 3GS with blacksn0w crack
iPhone jailbreakers held hostage