First-known iPhone worm 'Rickrolls' jailbroken Apple handsetsThe iPhone's first worm —a playful, wallpaper-changing prank that only affects jailbroken phones —could be a sign of more dangerous things to come.
A hacker who identifies himself as "ikex" created the worm, which changes the user's wallpaper to a picture of 1980s pop star Rick Astley, who sang the 1987 hit "Never Gonna Give You Up." The software includes the message: "ikee is never gonna give you up."
The term jailbreaking refers to a hack that allows users to run software not approved by Apple on the iPhone. It can grant users the ability to install custom wallpapers and themes, enable tethering, or unlock the handset for use on a non-approved carrier.
The ikex worm is simply a prank known as "Rickrolling," an Internet bait-and-switch meme when users expect to see a video on a certain topic, only to find themselves watching Astley's cheesy 1987 music video. According to Forbes, the worm does nothing malicious.
"The world's first iPhone worm is also hardly a true criminal exploit," the report said. "Instead, it seems to be half warning, half prank. Ikee's author, who identifies himself or herself as 'ikex' in the worm's source code, also wrote in the code that "People are stupid, and this is to prove it so," adding that users should read their phones' manuals."
For now, the worm is said to be spreading among jailbroken iPhones in Australia. It affects only users who did not change their default SSH password, which allows file transfers between phones.
"It's not that hard, guys," ikex wrote in the source code. "But hey who cares its only your bank details at stake."
Mikko Hyppönen, researcher with F-Secure, discussed the worm on his company's Web site. It lets users know how to change their root password, and also warns that the software could become more dangerous.
"The creator of the worm has released full source code of the four existing variants of this worm," he said. "This means that there will quickly be more variants, and they might have nastier payload than just changing your wallpaper or might try password cracking to gain access to devices where the default password has been changed."
This summer, Apple quickly fixed a text messaging exploit that could have affected all iPhones. The exploit took advantage of the fact that SMS can send binary code to a phone. That code is automatically processed without user interaction, and can be compiled from multiple messages, allowing larger programs to be sent to a phone.
The exploit, discovered by security researcher Charlie Miller, exposed the iPhone completely, giving hackers access to the camera, dialer, messaging and Safari.
Miller also, back in 2007, discovered the iPhone's first security flaw. It allowed malicious Web sites to take advantage of flaws within the Safari Web browser.