Apple iPhone owners Down Under are reporting their jailbroken iPhones have been hit with a worm that hijacks their wallpaper, changing it to an image of 1980s pop star Rick Astley, and eats up their bandwidth. Although the worm may have spread beyond Australia, there are no confirmed reports yet.
The hacker, who calls himself ikex, claims to have infected 100 iPhones with the malware. The true identity of ikex is 21-year-old Ashley Towns, who shows no public remorse about the hack.
SophosLabs is analyzing the worm's code, which suggests that at least four variants have been written. One of the attributes of the latest variant is that it tries to hide its presence by using a file path suggestive of the Cydia jailbreaking tool.
How the Hack Worked
Sophos said Towns was able to hack jailbroken iPhones if the users did not change the default password after installing SSH (Secure Shell). Installing the SSH server turns the iPhone into a cell-phone modem using the data connection. To avoid the hack, users would have needed to change their root password to something other than the default.
What makes this outbreak interesting is that it's the first virus to ever spread between iPhones in the wild, said Graham Cluley, a senior security consultant at Sophos.
"In itself it's not the most dangerous piece of malware we've ever seen," Cluley said. "It breaks into jailbroken iPhones that have not been properly secured and changes the wallpaper to a picture of Rick Astley before finding other iPhones to infect."
The result, as Cluley explained it, is that affected users would need to take action to repair their iPhones from the unauthorized modifications, a nuisance that takes time.
The Cost of Jailbreaking
What's more, he explained, the worm's author will have cost each infected iPhone user all the bandwidth used by his malware -- remembering that even just trying to initiate TCP connections to computers which won't accept them wastes some data -- and his worm has some huge IP address ranges through which it tries to open connections.
"The bandwidth used by the worm will come out of users' monthly data quotes or -- depending on their payment plan -- out of excess data charges. Just imagine what a hit that would be if you were unknowingly roaming overseas whilst infected!" Cluley said.
But what he thinks makes this attack particularly dangerous is that the code for the worm is available for download from the Internet.
"Malicious hackers could take it and adapt it for more malevolent ends -- a new incarnation of the worm might not be constricted to infecting iPhones in Australia and might not announce its presence with a Rick Astley photograph," Cluley said. "Furthermore, it could silently steal information from compromised smartphones, opening the potential for real financial gain by the cybercriminals."
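The scanning behaviour described above (many outbound connection attempts across large IP ranges, most of them never accepted) is something a network operator can look for. The following is an added example, not code from Sophos or from the article: it flags a device by its SSH fan-out and failure ratio and totals the bytes spent on unanswered attempts. The flow-record format, the thresholds, the sample addresses and the use of the standard SSH port 22 are assumptions made for illustration.

```python
"""Flag devices whose outbound SSH pattern looks like worm scanning."""
from collections import defaultdict

SSH_PORT = 22  # assumption: the worm targets SSH on its standard port


def make_sample_flows():
    """Constructed records: (src_ip, dst_ip, dst_port, tcp_state, bytes_sent)."""
    flows = []
    # Infected phone: sweeps an address range, almost every attempt unanswered.
    for i in range(1, 201):
        ok = i % 50 == 0
        flows.append(("10.0.0.23", f"198.51.100.{i}", SSH_PORT,
                      "ESTABLISHED" if ok else "SYN_ONLY", 4200 if ok else 60))
    # Admin laptop: a few real SSH sessions, all completed.
    for i in range(1, 4):
        flows.append(("10.0.0.5", f"192.0.2.{i}", SSH_PORT, "ESTABLISHED", 9000))
    # Ordinary phone: plenty of destinations, but HTTPS rather than SSH.
    for i in range(1, 120):
        flows.append(("10.0.0.40", f"203.0.113.{i}", 443, "ESTABLISHED", 1500))
    return flows


def find_ssh_scanners(flows, min_targets=50, min_fail_ratio=0.8):
    """Return {src: stats} for sources with wide, mostly failing SSH fan-out."""
    stats = defaultdict(lambda: {"targets": set(), "attempts": 0,
                                 "failed": 0, "wasted": 0})
    for src, dst, port, state, nbytes in flows:
        if port != SSH_PORT:
            continue
        s = stats[src]
        s["targets"].add(dst)
        s["attempts"] += 1
        if state == "SYN_ONLY":      # handshake never completed
            s["failed"] += 1
            s["wasted"] += nbytes    # data billed to the user for nothing
    findings = {}
    for src, s in stats.items():
        ratio = s["failed"] / s["attempts"]
        if len(s["targets"]) >= min_targets and ratio >= min_fail_ratio:
            findings[src] = {"targets": len(s["targets"]),
                             "fail_ratio": round(ratio, 3),
                             "wasted_bytes": s["wasted"]}
    return findings


if __name__ == "__main__":
    for src, info in find_ssh_scanners(make_sample_flows()).items():
        print(src, info)
```

Requiring both a high target count and a high failure ratio keeps an administrator who legitimately connects to a handful of servers out of the results.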