Harmless iPhone worm will spawn more dangerous offspring

Graham Cluley
There are ways of raising security awareness without breaking into people's property, says Sophos' Graham Cluley

Computer security headlines are dominated today by the discovery over the weekend of the world's first iPhone worm, dubbed Ikee.

No doubt the fact that it changed your lock wallpaper to a picture of 1980s pop throwback Rick Astley and displayed a message saying "Ikee is never going to give you up" didn't do it any harm in catching attention.

The Ikee worm can only infect jailbroken phones (those iPhones which have been tinkered with by their owners to run applications not approved by Apple) that have installed SSH and not changed their default root password.

That may sound like quite a combination of factors, but it's surprising how many people have chosen to jailbreak their phones to gain access to programs that Apple would prefer they didn't run.

It didn't take much Googling and internet detective work for me to determine that the author of the worm was 21-year-old Ashley Towns, a student living in Wollongong, New South Wales. He'd been pretty careless in covering his tracks and since his "outing" has been courting the media via his Twitter page.

Blame boredom

Inside the worm's code Towns pre-empted a question that many were likely to ask about why the worm was written:

"Why?: Boredom, because i found it so stupid the fact that on my initial scan of my 3G optus range i found 27 hosts running SSH daemons, i could access 26 of them with root:alpine. Doesn't anyone RTFM anymore?"

But can it ever be right to write a virus?

I don't think so.

Even if you are concerned about users being lax about computer security, it is still illegal to break into their devices and change data. It's even more irresponsible to release a worm - that by its very nature spreads virally under its own steam. That means, even if the hacker regrets his past actions and doesn't want his worm to spread anymore he can't stop the attacks from happening.

There are ways of raising awareness about security issues without breaking into people's property - a responsible computer enthusiast would have stopped well short of releasing a worm.

Worryingly, Towns told the media that he personally infected 100 jailbroken iPhones, which then would have gone on to try to infect other devices.

Furthermore, the code for the iPhone worm is now available for download from the internet. Ashley Towns' original incarnation of the Ikee worm may have been mostly harmless compared to most of the financially-motivated malware we see today - but who is to say that more money-orientated hackers won't write a more dangerous version?

A future version could be programmed to spread worldwide rather than just in Australia, and could silently steal private information from your iPhone.

My prediction is that we're going to see more attacks like this in the future.

So, if you're an iPhone user who has jailbroken their phone in order to add functionality that Apple may have denied to them, please change your root password and take security seriously. If you're careless you could fall foul of a hacker.


Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his blog on the Sophos website you can find him on Twitter at @gcluley.