Numerous reports have surfaced over the weekend regarding the first iPhone worm spotted in the wild. The worm, known as iKee, only affects modified handsets also known as “jailbroken” devices. These devices have been hacked by their owners to allow for the installation of unapproved, third-party programs that aren’t allowed in the iTunes App Store.
Currently, the worm doesn’t appear to be all that malicious – it simply changes the phone’s background image to a photo of singer Rick Astley, the man whose song “Never Gonna Give You Up” has become a well-known internet meme called “rickrolling,” a joke where users are tricked into clicking links that redirect them to Astley’s YouTube video.
Despite the relatively innocuous nature of this particular attack, it may be the precursor to future attacks of a more malicious nature. But how dangerous will these attacks be to the iPhone-owning population as a whole? Is there really a need for concern?
About the iKee Worm
According to the hacker, 21-year-old Ashley Towns, a student living in New South Wales, Australia, iKee was created to highlight the iPhone’s poor security. Apparently unrepentant about his creation, Towns has made no attempt to hide his identity, posting on internet forums and on his Twitter page about his hack. He even cheekily tweets a response to a post on security firm’s Sophos blog where the writer had sought out the hacker’s identity via Google searches: “You know man if you wanted my number you could have asked.” And he wasn’t kidding – Towns has been happily responding to media requests via his Twitter account. For example, he told ABC News that he had personally infected 100 iPhones with the worm. From those phones, he explained, the worm will then try to spread to other devices.
Perhaps the reason for his transparency has to do with the relatively harmless nature of the attack. The worm just changes the iPhone wallpaper on the affected devices. However, as the Sophos’ post points out, “accessing someone else’s computing device and changing their data without permission is an offence in many countries.”
While that may be true, it’s clear that Towns feels as if he’s almost doing a public service by exposing a security vulnerability that many jailbroken iPhones face.
More Hacks Expected?
While this particular worm appears to be localized to Australia, it could have spread to other countries and eventually, worldwide. It also comes directly on the heels of another similar attack on jailbroken devices. Only last week, a Dutch hacker broke into jailbroken iPhones and then displayed a message on the comprised devices demanding a ransom of 5 Euros. This attack was also made possible through the same vulnerability that the iKee worm uses.
Graham Cluley of Sophos predicts that other hackers will be tempted to write their own code now that they’ve seen what’s possible. In addition, some hackers may be more malicious with their creations than what we’ve seen so far.
But Who is Really Being Affected?
However, even if the attacks escalate, the fact of the matter is that the potential victims are a minor subset of Apple iPhone users. To begin with, they’re relatively tech-savvy to have managed to jailbreak their phones to begin with – a process which involves using downloadable software tools that unlock Apple’s control mechanisms on the device. While not overly complex, most mainstream iPhone users won’t bother to take this action, content with the iTunes App Store and its 100,000 or so available applications.
And then there is the fact that the attacks don’t even affect all jailbroken iPhone owners – they only affect those who have also installed a program called SSH on their devices. The program allows users to access the iPhone’s filesystem with the username of “root” and password of “alpine.” Since few SSH users had bothered to change this root password, that left their phones open to attack.
Still, how many people are we talking about here? And what sort of iPhone user are they? Although exact numbers of jailbreakers are unknown, mobile analytics firm Pinch Media recently revealed data showing there are at least 4 million of these jailbroken devices in the iPhone ecosystem. It’s not known how many of these users have also installed SSH.
For the most part, it’s likely that those who have done so are knowledgeable enough to prevent future attacks on their devices even if they had become a victim of one of these recent hacks. At the very least, they’re now aware of the issue and can follow the straightforward instructions available on the web that explain how to change the root password so it’s no longer the default.
More Dangerous than the iPhone Worm: Dishonest Developers
Despite all the media hoopla over this “first iPhone worm,” it’s not something that most iPhone owners will have to worry about. What’s more concerning are the claims that a supposedly legitimate iPhone development firm has been collecting personally identifiable information from the users of its App Store-approved iPhone games which have been installed over 20 million times. According to a suit filed in the U.S. District Court in Northern California, the firm, Storm8, has been using a backdoor method which allowed them to collect the phone numbers of anyone who had installed their applications. This wouldn’t be the first time that an iPhone developer has done this, either. Apple actually provides an easy way for developers to tap into this information, if they so desire.
If anything, this is the real threat that the media should be focused on, not the iPhone worm.