• On CHOW: Can nutmeg make you hallucinate?
November 8, 2009 9:07 PM PST

Rickrolling iPhone worm is never gonna give you up

by Caroline McCarthy
  • Font size
  • Print
  • 30 comments

Well, this hacker has quite the sense of humor.

Reports started spreading this weekend that iPhone users in Australia had been falling victim to "ikee," a worm that replaces default wallpaper with a picture of Rick Astley, the British pop singer whose song "Never Gonna Give You Up" has gained eternal infamy thanks to the mainstreaming of the "Rickrolling" prank craze. The photo is accompanied by the message "ikee is never gonna give you up," and it's apparently quite difficult to remove. According to security firm Sophos, this is the first worm detected that targets the iPhone.

The vulnerability is pretty specific: the phones must be jailbroken in order to be affected, and it appears to spread by searching an infected phone's contacts to find other jailbroken-phone users who have installed the Unix software SSH (secure shell) but haven't yet changed their passwords from Apple's default root password, "alpine."

Sophos says that it has not heard of any occurrences of the worm outside Australia, and that while it doesn't appear to do anything worse than irritate and embarrass affected users, that it highlights the vulnerabilities that jailbroken phones face.

Caroline McCarthy, a CNET News staff writer, is a downtown Manhattanite happily addicted to social-media tools and restaurant blogs. Her pre-CNET resume includes interning at an IT security firm and brewing cappuccinos. E-mail Caroline.
Topics:

iPhone

Tags:

security,

Apple,

iPhone,

worms,

Rick Astley,

rickrolling

Share:
Digg
Del.icio.us
Reddit
Recent posts from Apple
Game developer cuts back on Android in favor of iPhone
How smoking can ruin your Mac
Apple: 'Enterprise' is as enterprise does
Analyst: Timing of the Apple tablet is irrelevant
Dear Apple, about the next iPod
Are these Apple's 2009 Black Friday deals?
AdMob brings interactive video ads to iPhone
iPhone app developer quits over approval process
Related
Jailbroken iPhone? SSH installed? Beware of worms!
Rick Astley resurrected in iPhone worm
Jailbreakers beware: iPhone malware evolves rapidly
Secure your jailbroken iPhone against worm
CNET News Daily Podcast: Firefox is five
Buzz Out Loud Podcast 1102: We're blocked in China! We made it!
PDC Day 2 live blog: Office 2010, IE 9 on stage
Hacker breaks into jailbroken iPhones, asks for $7
Add a Comment (Log in or register) (30 Comments)
  • prev
  • 1
  • next
by Sporlo November 8, 2009 9:35 PM PST
Dang! I fell for the vulnerabilities link! Didn't bother to check the URL before clicking XD
Reply to this comment
by tektaktyks November 9, 2009 5:23 AM PST
lol
by Mr_fleabite November 9, 2009 9:15 AM PST
lol, Rickroll'ed
by rationalreview November 9, 2009 5:21 PM PST
Yes, crappy apple software to blame again.
by mose0 November 8, 2009 10:02 PM PST
LOL...
Reply to this comment
by scottjennings November 8, 2009 10:13 PM PST
This is a non-story. This hack does not work over the cell network, and it is not ?infecting? other iPhones through the address book or any other method.

This is a Wi-Fi hack, meaning the person doing it must be on the same Wi-Fi network, and you must have jailbroken the iPhone, installed SSH, and then been dumb enough to not change the default root and user passwords.

As usual, cnet can?t bother to do the simplest research or fact checking before posting a story.
Reply to this comment
by stiff_kitten November 9, 2009 4:02 AM PST
Oh, it is not just c|net. Many other sites such as Gizmodo and TechCrunch are not even reporting that it requires a jailbroken iPhone.
by djstewpac November 9, 2009 9:30 AM PST
Would life be that bad if you just... laughed.

anyway, you're the one checking and then responding to this.

so if this is a non-story, well mrscottjennings, you just love wasting life.


:) love you caroline.
by macassist November 8, 2009 10:40 PM PST
How on earth can a worm determine whether entries in an address book are for iPhones, let alone jailbroken ones? And how does even having the number give you the IP address to target? Answers - it can't and it doesn't.

The Sophos post even mentions that the worm "appears to attempt to find other iPhones on the mobile phone network" - i.e. a scanning attack similar to the one used by this Dutch hacker: http://arstechnica.com/apple/news/2009/11/dutch-hacker-holds-jailbroken-iphones-hostage-for-5.ars which relies on jailbroken iPhones running SSH with the default root password - the address book doesn't make an appearance in either case.

This sort of attack can happen via WiFi or the cellular network (the latter if the cellular provider doesn't block port 22 incoming to its devices).

Maybe reading linked sources would be a good idea, especially on stories revolving around worms and security, a field which is already rife with FUD from security vendors and pundits.

Sean
Reply to this comment
by Anhringo November 8, 2009 10:58 PM PST
Vulnerabilities link got me, too.
Reply to this comment
by 7applecores November 8, 2009 11:57 PM PST
If I turn off my firewall I get hacked, or if I use windows too.

Or any other cracked programs tend to do similar bad things

hey Cnet, you figure cracking an OS has any negative implications?

Lol
Reply to this comment
by CrashPad63 November 9, 2009 7:19 AM PST
You buttheads dont get it. Right now 5 percent or more of your swiss cheese OS of Mac are compromised and being used for a botnet. But no this Iphone thing is not real! Stick your head in the sand.
Calssic koolaid induced response. You do know that ole Jobsy made the Iphone crippled, how in the hell do you think the Iphone has been compromised so often.
by Dalkorian November 9, 2009 10:06 AM PST
CrashPad - bull. You lie like a cheap rug, or do you have any sources to back up your wild and totally inaccurate assertions?

LOL!
by CrashPad63 November 10, 2009 6:11 AM PST
Dalkorian, Just start looking in the deep part of the black hat world. Go ahead, you can do it. You will be suprised at what you find. You Apple koolaid swillers are so gullible. You leave your doors wide open for all to see and use attheir discretion.
But really go ahead and believe in whatever Jobsy tells you, its allright, Right???
by Mr. Dee November 9, 2009 4:05 AM PST
Listen to me, there is absolutely nothing wrong with Rick Astley. I am big fan of Never Gonna Give You Up, She Wants to Dance with Me, Together Forever, Cry and many others. I don't know where this deep hatred for the guy comes from. He brings back a lot memories for me growing up. Lets stop and just listen the music and understand why Rick is so special. No, this is not a joke, I truly admire the music.
Reply to this comment
by Random_Walk November 9, 2009 6:20 AM PST
We understand. You admire Windows as well, yes?
by Mr_fleabite November 9, 2009 9:34 AM PST
Random Walk where do you get off, man.

Rick Astley is as hot now as he ever was. RA is a phenomenon unto himself with those silky smooth tonsils and 2 feet planted dance moves that rival any 80's or early 90's artist. Did you even watch the video?! Do you even realize that Mr. Astley has a slightly above average singing range. On top of all that he doesn't even look like he's able to sing the way he does, BUT HE CAN, HE'S FREAK'N RICK ASTLEY! I'm sorry sir but as you are obviously COMPLETELY blind (maybe that's why you don't like windows?) I don't think you're qualified to comment about the great Rick Astley. Good day to you sir, and you can keep your poisonous apple. ;)
by dlow November 9, 2009 4:37 AM PST
Full story is that the phone must be jail broken and the root password for SSH must be the default password. This means that it only affects stupid people.
Reply to this comment
by rationalreview November 9, 2009 5:25 PM PST
Or people with lives that don't have their faces in their phones 24/7 tinkering. You know, those who walk while looking at the phone with that kinked neck sort of look. Those in the breakroom sitting across from each other at the table texting each other instead of talking only to hear a little giggle from them when they both agreed on something they just texted each other was funny. Most people in the world don't mess with their technology enough to be called stupid,....STUPID. Get out of the box please.
by exNewt November 9, 2009 5:02 AM PST
appears to spread by searching an infected phone's contacts to find other jailbroken-phone users who have installed the Unix software SSH (secure shell) but haven't yet changed their passwords from Apple's default root password, "alpine."

and you LEAVE "SSH" TURNED ON.

Y'know, I had a neighbor robbed who left their doors open with a sign saying "we're on holiday for the week"
Reply to this comment
by vmlenigma November 9, 2009 7:47 AM PST
I jail broke my phone last night, but restored right after reading the article.
Rick Astley ? na Thanks
Reply to this comment
by solu1978 November 9, 2009 8:36 AM PST
Good for you.
by DragonStab November 9, 2009 9:14 AM PST
You know...... posting this article gives the virus writer just what he wants. Exposure, and proof that his virus has had an effect. It will only inspire the writer of the virus to try to gain "fame" by trying something else.

I find it irresponsible to report something stupid like this since there is no real danger to the "victims" or their equipment.
Reply to this comment
by scifiend November 9, 2009 10:54 AM PST
Why is jailbreaking being blamed for this? Its the idiot who doesn't change the root password that is the problem. I think it's true Apple can use this incident as further disinfo to validate their anti jailbreaking stance. Perfect timing!
Reply to this comment
by Raabscuttle November 9, 2009 11:38 AM PST
Lies! LIES!!! ALL LIES!!! Apples are perfect. iPhones are perfect! PERFECT I TELL YOU!!!!
Reply to this comment
by Gold_Storm_Mac November 9, 2009 4:08 PM PST
lol
by setjeff15081947 November 9, 2009 1:56 PM PST
He could at least have been Naked.
Reply to this comment
by wguzman2014 November 9, 2009 2:16 PM PST
Wow. My jail-broken T-Mobile USA iPhone has not been hit yet. I hope it doesn't.
Reply to this comment
by 01Phyxius November 9, 2009 3:14 PM PST
ATTENTION: BREAKING NEWS BULLETIN
This just in, STUPID PEOPLE ARE VULNERABLE TO MALWARE.
Oh wait, you just caught on?
Reply to this comment
by codenamejag November 15, 2009 9:54 AM PST
damn, i just got hit. i'm in singapore.
is there a way to get rid of it? please help
Reply to this comment
(30 Comments)
  • prev
  • 1
  • next
advertisement
Click Here

The 411 on early-termination fees

Verizon Wireless has doubled its early-termination fees for smartphones, but what does it mean for the rest of the industry?

Google has its own plan for Netbooks

No, the search giant isn't saying it will build a Netbook. But it sure knows what it would like one running Chrome OS to resemble, and that's a little different from the Netbook of today.
• Screenshot tour of Chrome OS

About Apple

At the start of the 21st century, there's no tech outfit more influential than Apple. CNET News' Erica Ogg and other reporters will attempt to make sense of the rumors, hype, products, and people that will shape the future of the company. But Apple's not the only game in town, as the established cell phone companies and others strike back against the iPhone. E-mail Erica at erica.ogg@cnet.com.

Add this feed to your online news reader

Apple topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET