The worm works by trying to find other jailbroken iPhones on the same cell phone network. If the jailbroken iPhones are still set with their default SSH password, the worm installs itself and changes the wallpaper to a photo of 80’s singer Rick Astley and the text “ikee is never going to give you up.”
ikee Image Courtesy of Sophos
The words and photo are a play on the online joke known as “Rickrolling,” where someone is tricked into clicking a link that shows a video or Mr. Astley singing “Never Gonna Give You Up.”
It appears that at least four variants of the worm have been written so far, and they don’t do anything other than install the Rick Astley wallpaper. Since all four variants are available in the wild, however, there is the possibility that someone could add a more malicious payload to the code.
“Other inquisitive hackers may also be tempted to experiment once they read about the world’s first iPhone worm. Furthermore, a more malicious hacker could take the code written by ikee and adapt it to have a more sinister payload,” said Sophos’s Graham Cluley.
This marks the second incident where someone took advantage of the default SSH password on jailbroken iPhones. Last week jailbroken iPhone owners in the Netherlands started seeing a message appear on their screens from a hacker wanting €5. That hack appeared to work like the new ikee hack, too.
These hacks work only on jailbroken iPhones, so unmodified iPhones won’t be affected. Users that do jailbreak their iPhones should change the default SSH password to avoid the worm, too.
Since many iPhone owners don’t understand the potential security risks involved with jailbreaking, however, there will likely be a large base of phones for hackers to target. “My prediction is that we may see more attacks like this in the future,” Mr Cluley said.