channelnewsasia.com - The iPhone's First Worm
   
 

 
 

The iPhone's First Worm
Andy Greenberg, Forbes.com
Posted: 11 November 2009 1154 hrs

 
 

The first real-world iPhone cyber-attack has shown its face. And that face belongs to 1980s pop star Rick Astley.

Over the weekend, researchers at cybersecurity firms Sophos and F-Secure detected the world's first active iPhone worm, spreading among Apple smart phone users in Australia. Only users who have "jailbroken" their phones--altered them to run applications not authorized by Apple--are vulnerable, and among those, only those who failed to change their default password for a secure shell (SSH) application that allows file transfers between smart phones.

The payload of that unwelcome program? Not a password-stealing keylogger or spam-sending software, but a switch of the user's operating system wallpaper to Astley's face, along with a message: "ikee is never gonna give you up." (Astley's 1987 song of a similar name has been at the center of a viral "rickrolling" Web phenom, in which users trick friends into clicking on a YouTube link to Astley's hyper-cheesy music video.)




Since the iPhone's advent, cybersecurity researchers have warned that its popularity would lead to new interest in smart phone hacking by cybercriminals. In July, Apple cybersecurity guru Charlie Miller showed at the Black Hat Conference in Las Vegas that a text message vulnerability in the phone would allow hackers to take control of the phone and use it to propagate more attacks, quickly spreading from iPhone to iPhone. Apple patched the flaw the day after Miller revealed it.

Researchers haven't estimated how many phones have been infected with the rickrolling "ikee" worm. But it's likely far fewer than would have been affected by Miller's text messaging vulnerability. Though around 4 million iPhone users have jailbroken their phones, according to mobile analytics firm Pinch Media, only a much smaller subset have likely failed to change their default password.

The world's first iPhone worm is also hardly a true criminal exploit. Instead, it seems to be half warning, half prank. Ikee's author, who identifies himself or herself as "ikex" in the worm's source code, also wrote in the code that "People are stupid, and this is to prove it so," adding that users should read their phones' manuals.

"It's not that hard, guys," ikex writes. "But hey who cares its only your bank details at stake."

Still, as in other cases where teenage prank hacking presaged profit-motivated cybercrimes, researchers warn that more dangerous iPhone hacks could follow, especially now that the ikee source code is publicly available. "This means that there will quickly be more variants," writes F-Secure researcher Mikko Hyppönen. "And they might have nastier payloads than just changing your wallpaper or might try password cracking to gain access to devices where the default password has been changed."

In other words: This may be one situation where Rick Astley should be taken seriously.






 

 