Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

You can join Glitch City Research Institute to ask questions or discuss current developments.

You may also download the archive of this forum in .tar.gz, .sql.gz, or .sqlite.gz formats.

Computers and Technology Discussion

First iPhone Worm Found - Page 1

First iPhone Worm Found

Posted by: fivex
Date: 2009-11-14 04:02:22
(source:F-secure)
We have located the first iPhone worm, dubbed as Ikee. It's currently spreading in the wild, but it's only able to infect devices that have been "jailbroken" by their owners. Jailbreaking removes iPhone's protection mechanisms, allowing users to run any software they want.

Affected users will find that their iPhone wallpaper has been altered to a picture of Rick Astley (of Rickroll fame) and the message "ikee is never going to give you up".

ikee iPhone worm
[img]http://www.f-secure.com/weblog/archives/photo.jpg[/img]
The worm targets users who have jailbroken their phone but have not changed their default root login password. It will search for vulnerable iPhones by scanning a handful of IP ranges most of which are in Australia. At the moment, we have no confirmed reports of Ikee outside of Australia.

After Ikee infects a phone, it disables the SSH service, preventing reinfection.

To protect your jailbroken iPhone, change your root password. Here's how.

The creator of the worm has released full source code of the four existing variants of this worm. This means that there will quickly be more variants, and they might have nastier payload than just changing your wallpaper or might try password cracking to gain access to devices where the default password has been changed.

Re: First iPhone Worm Found

Posted by: SCared_Fir3
Date: 2009-11-17 17:19:36
Haha oh rick astley….that sounds fun? And bad? :o
thank god i dont have an iphone. itouch ftw

Re: First iPhone Worm Found

Posted by: Bent`
Date: 2009-11-17 22:59:35
This is not due to a hole or anything, it only affects people who were too stupid to change the default password for SSH.

Re: First iPhone Worm Found

Posted by: MissingNo
Date: 2009-12-12 11:56:32

This is not due to a hole or anything, it only affects people who were too stupid to change the default password for SSH.


Coming in a month late but - it's also only affecting people too stupid enough to install - and then leave open - SSH. If you didn't have SSH installed (or turned off when not in use), you're a hellofalot more safe than someone leaving SSH open.

It's also partially a cellular network issue - why - just WHY - would you assign a device a public IP address, knowing its' capabilities?

AT&T hides their devices on the network behind several gateways - you have an internal 10.x IP (haven't confirmed if I can ping other AT&T devices inside this network with my FUZE yet) and an outward-facing gateway IP that you share with thousands of others.

Sprint… gives you public IPs. Not too hard to enable Telnet or SSH on a Pre… and then allow it to listen on said public interface - but you as the user must manually perform that step in a terminal as-is, compared to iPhone - with a one-swipe of the "On" switch turning on SSH to all interfaces and IPs.