This had to happen sooner or later given the popularity of the iPhone. A worm named ikee is doing rounds infecting jaibroken iPhones in Australia.
This worm infects only those iPhones where the owners have installed the SSH package and not changed the default root password from ‘alpine’.
Once it is on your iPhone it changes the wallpaper to a picture of ’80s pop star Rick Astley and a message ikee is never going to give you up.
The creator of this worm who goes by the name ‘ikex’ had a long conversation with JD and the entire transcript can be found on JD’s blog.
In the interview, ikex explains how it works and that it was only a ‘proof of concept’ which can be used to create a lot of havoc in the wrong hands. If you are one of the unfortunate souls whose iPhone is already affected by ikee then there is a simple solution provided in the interview.
The worm’s author appears to have realised that people might be interested to learn why he wrote the worm, and posted this explanation inside the code:
Why?: Boredom, because i found it so stupid the fact that on my initial scan of my 3G optus range i found 27 hosts running SSH daemons, i could access 26 of them with root:alpine. Doesn’t anyone RTFM anymore?
This surely is a wake-up call to all the users who haven’t changed the SSH password after installing the package. It is really simple.
If you’ve got a jailbroken iPhone or iPod touch, installed SSH package and haven’t changed the default device password, do it now!
If you are using terminal:
- Type: ssh root@<IP address of iPhone >
- You will be prompted for the password:
Type alpine - Now you’ve logged in as root.
Type: passwd - You will be prompted for a new password – Enter a password you will remember. (Avoid words found in dictionary)
{ 6 comments… read them below or add one }
Ill post a link when I find the thread I read. This was actually done by a guy an Australian guy. The first report I read was that he developed it as a joke and charged (= to 5 bucks usd) people to know how to fix it. He accessed all of the users in Australia on the T-Mobile network. And sent the sms message to everyone that had the security hole. He also was caught and said he would refund all money sent to him. The same article I also read provided the fix. As it patches the 3 holes which allow people to exploited the jail broken phones with ssh.
Here is the link to the attack, which has now gone public.
http://www.theregister.co.uk/2009/11/03/iphone_hack/print.html
Here is the Fix.
http://mr09.fileave.com/
Thanks Jon. I have been having that foolish wallpaper since morning. Came to know it was a worm only after reading the above post and your comments.
John now I am really worried about jailbreaking. Didn’t know my iPhone was so vulnerable to attacks. I hve confidential information on my phone. I better unjailbreak it soon. Thanks for your fix.
If you do the fix. Noted above, it will stop all attacks currently known.
This attack is major as the possiablities are endless. The first step is to change that password, period. 2nd do the steps on that link. And your good to go until we see something new show up.