Nov 08 2009

Simple worm RickRolls jailbroken iPhones

Published by at 10:36 am under Apple/Mac,Hacking,Security Advisories

I knew it had to be just a matter of time before someone took advantage all of the jailbroken iPhones and created another malicious tool to pwn them.  This time the attacker has been RickRolling iPhone users, changing the background on the phones to a picture of Rick Astley.  The worm is fairly simple and uses the default password set up on the SSH daemon when you jailbreak your iPhone, so if you’ve taken the 5 minutes required to change the password, you’re perfectly safe from the effects of the worm.  Of course, it’s written by someone in Australia going by the name of ‘ikee’ and generally has only been hitting phones down under, but given that the ikee code was released, along with an interview, it’s only a matter of time before someone else creates a new version that does something much nastier than putting up a picture of an 80’s pop icon.  I can think of a couple of people I know who’d be willing to put pictures of goats or lemons or things with spelling close to that on your iPhone.  And those are just the people who are there to be playful.

I’ve said it a number of times in the last week, but it bears saying again:  If you’ve jailbroken your iPhone, change your iPhone’s root password immediately!

By the way, I don’t know anyone who’s jailbroken their iPhone in order to access pirated software, everyone I’ve talked to did it so they could install software that unlocks capabilities that Apple doesn’t want us to have in existing apps, for example tools like xGPS and SBSettings.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

2 responses so far

2 Responses to “Simple worm RickRolls jailbroken iPhones”

  1. elamb securityon 29 Nov 2009 at 9:38 pm

    LOL. Funniest security post I’ve read in a while.

    Posts like this is why I am Never gonna give you up,
    Never gonna let you down,
    Never gonna run around and desert you,
    Never gonna make you cry,
    Never gonna say goodbye,
    Never gonna tell a lie and hurt you, Mr. Mckeay.

  2. Netzenon 04 Dec 2009 at 7:15 pm

    Dare I say they deserve to be RickRolled for leaving a default password in place!?

    And yes, maybe if apple allowed it’s dev’s access to the phone we could start making some decent apps! Like a shortcut to dissable Wifi / Bluetooth / 3G from the springboard? I mean come on Apple…

Trackback URI | Comments RSS

Leave a Reply

%d bloggers like this: