Jailbroken iPhone Users Get Rickrolled

Use Netsparker


The ‘big’ news this week was the first self-replicating worm hit the iPhone, it only seemed to be spreading in Australia though and only worked under a specific set of circumstances.

It only effects iPhone users that have jailbroken their phone and have the SSH software installed with a default password of alpine.

Thankfully it’s not particularly malicious unless you are allergic to Rick Astley.

iPhone owners in Australia awoke this weekend to find their devices targeted by self-replicating attacks that display an image of 1980s heart throb Rick Astley that’s not easily removed. The attacks, which researchers say are the world’s first iPhone worm in the wild, target jailbroken iPhones that have SSH software installed and keep Apple’s default root password of “alpine.” In addition to showing a well-coiffed picture of Astley, the new wallpaper displays the message “ikee is never going to give you up,” a play on Astley’s saccharine addled 1987 hit “Never Gonna Give You Up.”

Tricking victims in to inadvertently playing the song has become a popular prank known as Rickrolling. A review of some of the source code, shows that the malware, once installed, searches the mobile phone network for other vulnerable iPhones and when it finds one, copies itself to them using the the default password and SSH, a Unix application also known as secure shell. People posting to this thread on Australian discussion forum Whirlpool first reported being hit on Friday.

A new twist on the rickrolling phenomena at least, and of course the good thing for the rest of the World is that the infection seems to be fairly localized.

To me it’s more of a PoC (Proof of Concept) than anything else, but it is a neat piece of programming and shows what some malicious minds could put together if they wanted to target iPhones.

From the authors perspective he just wants to let people know that if they are gonna mess with their iPhone they better secure their shit.

The attack is a wakeup call for anyone who takes the time to jailbreak an iPhone. While the hack greatly expands the capabilities of the Apple smartphone, it can also make it more vulnerable. Programs such as OpenSSH, which can only be installed after iPhones have undergone the procedure, can be extremely useful, but if owners haven’t bothered to change their root password, the programs also represent a gaping hole waiting to be exploited.

Indeed, a hacker going by the moniker ikee and claiming to be responsible for the worm said here that he wrote the program to bring awareness to the widely followed practice of failing to change the iPhone’s password.

“I was quite amazed by the number of people who didn’t RTFM and change their default passwords,” the unidentified worm writer said. “I admit I probably pissed of [sic] a few people, but it was all in good fun (well ok for me anyway).”

Ikee said the worm disables the SSH daemon so it can’t be targeted further.

And in the true hacker spirit, the worm disables SSH so it can’t get infected again or hacked by anyone else.

It doesn’t takes skills to own the box, it takes skills to stay on the box :)

Source: The Register

Posted in: Apple, Exploits/Vulnerabilities, Malware

, , , , , , , ,


Latest Posts:


NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.
Metta - Information Security Adversarial Simulation Tool Metta – Information Security Adversarial Simulation Tool
Metta is an information security preparedness tool in Python to help with adversarial simulation and assess security defense preparation and alerts.
Powershell-RAT - Gmail Exfiltration RAT Powershell-RAT – Gmail Exfiltration RAT
Powershell-RAT is a Python-based Gmail exfiltration RAT that can be used a Windows backdoor to send screenshots or other data as an e-mail attachment.
SCADA Hacking - Industrial Systems Woefully Insecure SCADA Hacking – Industrial Systems Woefully Insecure
It seems like SCADA hacking is still a topic in hacker conferences, and it should be with SCADA systems still driving power stations, manufacturing plants etc.
airgeddon - Wireless Security Auditing Script airgeddon – Wireless Security Auditing Script
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.
Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.


5 Responses to Jailbroken iPhone Users Get Rickrolled

  1. anon November 11, 2009 at 5:20 pm #

    why does old news consistently get posted here? I think im going to remove this from my rss feeds.

  2. Darknet November 11, 2009 at 5:30 pm #

    anon: Yah I guess if news that broke 3 days ago is old, this aint the site for you :)

  3. Morgan Storey November 12, 2009 at 3:46 am #

    @anon: can’t be new first the time, I saw this at least 6 times in my RSS. Sometimes different sites can show a unique side on an existing story.

  4. 0daySecurity November 12, 2009 at 7:30 am #

    Maybe sometimes it’s not the first site to get the news published but I like the way they comment them.
    Keep up the good work Darknet!

  5. Anon November 12, 2009 at 6:36 pm #

    There are reports now of a tool that runs under Mac/Win/Linux (Python? Perl?) that will scan IP ranges for iPhones with SSH and default pw, then proceed to siphon out the phones email, contacts, sms, photos, videos, applications, etc.

    I’ve been unable to find it … { wink wink }