Another hacker is exploiting jailbroken, SSH-enabled devices

Nov 9, 2009 10:33 GMT

A handful of jailbroken iPhone users who installed SSH from Cydia (in order to connect to their phone and make changes to the filesystem) have found that a hacker has created a worm set to infect them. The worm affects SSH-enabled devices whose owners forgot to change the default password. It changes the wallpaper to an image bearing the message “ikee is never going to give you up” as well as the face of Rick Astley.

In an IRC-based interview with the author of the worm, a blogger has revealed more about the particularities of the malware in question.

“First i was curious to how far something like this would actually spread, i think what most people were unaware of is the fact it IS a worm and every phone that got infected with it was spreading it (I initially only infected 3 phones when I woke up i checked google and found out a fair few people were hit with it),” says ikee, the guy responsible for the ikee iPhone "virus."

“Secondly i was quite amazed by the number of people who didn't RTFM and change their default passwords,” ikee adds. “...i didn't think that many people would have not changed their passwords I was expecting to see maybe 10~ or so people, at first I was not even going to add the replicate/worm code but it was a learning experience and i got a tad carried away.”

Asked whether or not he was aware that his worm had even started to replicate itself overseas, ikee told the blogger, “I heard a few stories about it, that would have been sheer luck, the code itself is set to firstly scan the 3G IP range the phone is on, then Optus/Vodafone/Telstra's IP Ranges (I think the reason Optus got hit so hard is because the other 2 are NAT'd) then a random 20 IP ranges. I'm guessing a few phones hit a range that another vulnerable phone was on,” he explained to JD, the interviewer. “I can only confirm how many my phone infected alone, which was 100+ phones. I think most of them fixed it (AND I'M HOPING THEY CHANGED THEIR PASSWORDS.),” ikee stressed.

This is not the first time a hacker has been able to gain control of an iPhone by means of jailbreak + SSH. Following reports posted over at Ars Technica and 9to5Mac, Softpedia reported last week that users who opened SSH access on their iPhone after performing a jailbreak, and did not change the default password, were susceptible to attacks.