Source code for ikee iPhone worm in the wild

Source code for ikee iPhone worm in the wild

Summary: A 21 years old Australian has launched the first iPhone worm to automatically exploit jailbroken devices. With the source code now in the wild, how long before copycats start modifying and improving it?

SHARE:

Following last week's systematic exploitation of jailbroken iPhones in the Netherlands through a technique originally discussed in 2008, a 21 years old opportunist has recently launched the first iPhone worm, this time targeting customers of Australian mobile carriers.

Upon successful exploitation of devices running SSH with default passwords, the worm would announce its presence by changing the wallpaper to a new one featuring pop-star Rick Astley.

Despite the author's intention to raise awareness on the issue, the originally released as "closed source" code for the "awareness-building worm" has now leaked in the wild, with several modifications already capable of stealing a compromised iPhone's contacts and SMS messages.

In an interview published with the author of the iPhone worm, he states that his iPhone alone has already infected 100+ devices, and commented that international propagation "would have been sheer luck", since "the code itself is set to firstly scan the 3G IP range the phone is on, then Optus/Vodafone/Telstra's IP Ranges (I think the reason Optus got hit so hard is because the other 2 are NAT'd) then a random 20 IP ranges. I'm guessing a few phones hit a range that another vulnerable phone was on".

Interestingly, in a recent poll results, 76% of the people who voted believe that "He's done iPhone users a favour. This was an acceptable way to raise awareness of poor security". I wonder what would their attitude be if they knew that several modifications and customized modules are already capable of stealing their SMS messages and contacts, potentially using them for fraudulent activities.

What do you think, did the teenagers that launched these attacks during the last two weeks did someone a favor, or did they actually started a short-lived trend with malicious copycats already looking for ways to exploit the potentially hundreds of thousands of jailbroken devices using the easy to find 3G IP ranges?

TalkBack.

Topics: Security, Hardware, iPhone, Mobility, Smartphones

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

22 comments
Log in or register to join the discussion
  • iPhone is officially the most malware ridden mobile platform in the world

    And since the "bad guys" always go after low hanging fruit, that [b]proves[/b] that iPhone is the [b]least[/b] secure mobile platform in the world. Buy an iPhone if you want to be infected [b]within seconds[/b] by malware [b]that requires no user interaction[/b]. Buy anything else if you care about security.
    NonZealot
    • Far from defending Apple...

      While I personally think Apple has some of the worst security practices in the industry, this is NOT an issue with Apple.

      The issue is with the process required to 'jailbreak' an iPhone, not with an off-the-shelf iPhone.

      Now, the need to jailbreak an iPhone to get away from the Apple/AT&T monopoly is a whole other issue...
      s_southern
      • The need to jailbreak is inextricably linked to this, though...

        I don't think you can give Apple a pass on this just because it has to do with jailbroken iPhones. It's the need to jailbreak (or at least the perception of that need) that set this in motion in the first place.

        Of course, it didn't help that you're allowed to keep a weak default password. Changing your password is a policy that needs to be enforced rigorously.
        bhartman36
        • What need?

          There is no "need" to jailbreak an iPhone. This is not even close to a "need". It is a want. If one really "wanted" the iPhone to do something it doesn't then one should have bought another phone or at least learned to change the default password. People "wanted" to jailbreak their iPhone and my money says it was mostly to impress their friends "Ohh you changed the background layout of your iPhone, that's cool. Oh wait a sec, who's this Rick guy?"
          oncall
        • BZZZZT, wrong.

          1) There is no need to hack your phone.
          2) If you choose to hack your phone, noone forces
          you to leave a remote admin tool running on it,
          and with the default fucking password!
          AzuMao
    • You forgot...

      that it was because some idiot created a jailbreak tool that installed an SSH server with a default root username password....

      PS: iPhone had alot of vulnerabilites allready... some of them worse then the equivalent in Windows mobile or android. But this one does not count as a Apple made flaw(unless Apple did install an SSH server on the iPhones with a default username password in wich case it is also a Apple made flaw).
      Ceridan
      • Actually

        The person who wrote the jailbreaking code is probably a certifiable genius compared to the idiots who "needed" to jailbreak their phones without appreciating the security ramification of doing so.
        oncall
        • But then..

          Why is there a market for jailbreaking umm?
          Ceridan
          • most people

            who jailbreak understand the need - in fact the warning is repeated ad nauseum on several forums dealing with jailbreaking - to change the default password.

            I do agree that Apple did not put in a lot of features that they should have and so far they have been giving in and adding some - and yes my iphone IS jailbroken but at the same time blaming Apple for this is like blaming Microsoft for all the worms that can possibly infect a PC running Windows. I blame the users who jailbroke their iPhones without changing the default password - like I said there are warnings and suggestions to do so all over the 'net.
            athynz
          • See my post above

            There is a market for jailbreaking because people "want" their iPhones to do things outside the normal OS design. And whoops, there is a downside, what a shocker. You farted around with the default security of you iPhone for entertainment purposes and, surprise surprise, someone exploited that.
            oncall
    • Dear MSZealot

      Malware infection on the iPhone requires no user interaction?

      You have to destroy Apple's security framework with the jailbreak and install additional software. Well, sound people would call that user interaction.

      The total number of infected iPhones is also interesting: about 100 iPhones are affected. This number seems to be smaller than the number of fruitless Anti-Apple rants you start per week at ZDNet. And still you haven't hurt Apple in any way.
      It's a quantit? n?gligeable compared to the millions and millions of malware infected Windows PCs. And still this malware awashed operating system is your system of choice. So take your own advice and [i]buy anything else [/i]than Windows [i]if you care about security[/i].

      HerbertH_02
    • Latching onto a lie once again

      and spreading it as the gospel truth to advance your anti Apple agenda... and again epic FAIL!

      The iPhone OS is NOT inherently bug-ridden and prone to malware as you claim. In order for this worm to work two things have to happen, one wich requires user interaction on a level Apple did not intend. The first step would be to jailbreak the iPhone - which is the step that requires user interaction BTW. The second step is one that people do not consider doing which is to change the default password when they do jailbreak.

      So the stock, pure, pristine, unmodded OS as Jobs and Co intended it to be is NOT vulnerable to this worm. A jailbroken iphone with the default password changed - as is commons sense - is NOT vulnerable to this worm.

      Again NZ complete epic FAIL. Nice try though...
      athynz
    • EPIC fail.

      How the hell is it the iPhone's fault that when
      the user chooses to hack it to download warez,
      installs a remote admin tool onto it, and leaves
      it running with the default password? How the hell
      is that "no user interaction"? You're the most
      idiotic troll ever. Even worse than Loverock.
      AzuMao
      • Oh come on...

        AGAIN with the "hack to download warez" crap?

        AzuMao get your head out of your buttocks... not everyone who jailbreaks is into getting free warez or ripping off the App Store. You ascribe a motivation to those who jailbreak with no proof - it is pure conjecture on your part.

        Other than that I agree with ya... :-)
        athynz
        • If you're doing it to switch carriers..

          ..it isn't called jailbreaking, and you don't
          install that service.
          AzuMao
          • You are misinformed

            In order to UNLOCK the iPhone one has to JAILBREAK it first so yes you DO have to install that service. There ARE factory unlocked iPhones in existence somewhere but I have no idea where to find them - and they'd very likely be even more expensive to boot. So if one wants to unlock, one HAS TO jailbreak.
            athynz
          • Even if so

            There's still no need to leave it turned on. And
            with the default password to boot!
            AzuMao
  • What happened to the Droid?

    There was a myriad of articles really hyping up the Droid as a
    true competitor to the iPhone and now there is hardly a word
    about it on ZDnet. And yet articles about the iPhone are still
    all over the place. I guess the news that Verizon only sold
    100,000 Droid phones in their first weekend (as opposed to
    Apple's 1,000,000 3GS phones during the first weekend)
    wasn't worthwhile news.
    7stringdude
    • Sorry my bad

      I failed to see the article on ZDnet mentioning the droid selling 100,000
      in the first weekend. It is interesting to note, however, that ZDnet
      neglected to compare that number to the 3GS first weekend launch.
      7stringdude
  • RE: Source code for ikee iPhone worm in the wild

    iPhone still secure, no worm or viruses yet on this platform.
    Jailbreaking your iPhone will remove the safe guards and
    make your "Jailbreak Phone" not "iPhone" prone to attack.
    XArt