iPhone users have this weekend been on the receiving end of the first in-the-wild virus for Apple's cult mobile phone. The iPhone virus, called "Ikee", changes the phone's background picture to 1980s singer Rick Astley, and then goes looking for other iPhones on the network to infect.
The Ikee virus spreads using SSH, which is pre-installed, but not enabled, on the iPhone. However, many users who have jailbroken their phones may have enabled SSH as a convenient way of logging into and accessing their phones from other computers. Unfortunately, even though the iPhone ships with SSH turned off, Apple's pre-configuration of SSH sets the same root password on every single iPhone. If you turn on SSH without changing this password, you are woefully insecure.
Early indications are that the Ikee virus was written by a 21-year-old from Wollongong in New South Wales who has recently tweeted that he's "kinda...worried about legal implications." If he did write _and set loose_ this virus on the network, he probably ought to be worried, since breaking into other people's computers isn't acceptable -- even if they have chosen (or, in this case, Apple has chosen on their behalf) an effectively useless password.
Fortunately, the Ikee virus is not explicitly destructive, and -- unlike the vast majority of modern malware -- doesn't seem to have been written as a vehicle for ongoing cybercriminality. Indeed, it seems that, after infecting your iPhone, the virus turns SSH off, thus protecting the device against further attacks of this sort.
Infection seems to be confined to Australia at the moment, though there are unconfirmed reports of Ikee in Thailand and Japan.
This is unsurprising, since the latest variant of the worm greatly favours attacking Australian mobile phone networks. It targets phones throughout several large IP ranges apparently belonging to Vodafone Australia, Optus and Telstra, attacking just one randomly-generated IP address outside these ranges every time it spreads. Since the source code of Ikee is available, however, this could easily change in future variants.
Note also that a Dutch hacker recently used the same approach -- logging in to jailbroken phones via the known SSH password -- to inject a message asking for 5 Euros to tell you how to secure your iPhone against further attacks.
"If you have a jailbroken iPhone, change your SSH passwords now," urges Paul Ducklin, Sophos's Head of Technology, Asia Pacific. "If you don't have a jailbroken iPhone, you probably also ought to change those passwords, since it makes no sense to have poor passwords pre-configured for any operating system service, whether it runs by default or not. Ironically, it seems that Apple don't want you to do that -- just the sort of operational restriction which led to jailbreaking in the first place."
If you have any questions about the information above or wish to remove malware from your SmartPhone or computing device, please contact Benson & Associates helpdesk at 1-877-247-1664.