The iPhone worm and you

Ikee never gonna give you up

What do you get when you mix Jailbreaking, vulnerable SSH setups and Rick Astley? The first iPhone worm. Read more to ensure your device is safe.

If you’re in tune with internet news and social media, you are bound to have heard about the alleged first iPhone worm. One Ashley Towns, from over the ditch in Australia, decided to have a little fun one night and coded a simple piece of malware to run on his phone. The software was designed to scan his local data network for phones which had been jailbroken and were listening on port 22 for SSH connections.

Ashley Towns, aka Ikee

Normally, SSH is used for computers and devices that already have root users and the like set up. The issue with the iPhone is that, when not jailbroken, root is not set up and accessible. In the jailbreaking process, OpenSSH is usually installed (it is considered an essential). It’s really helpful and enables the user to access their iPhone’s file system from their computer or any device that is compatible with SSH. The fatal flaw with this setup, however, is that the root password is set to “alpine”. Can you see where this is going?

So, when the worm found a phone listening on the port, it attempted to log in as root with the password “alpine”. Since most users were too novice or naive to change their passwords, the worm’s penetration rate was very high. Once the worm obtained access, it infected the phone and made it scan the local data network for vulnerable phones as well. Fortunately, however, the worm also changed the wallpaper to a picture of Rick Astley with the text “Ikee never gonna give you up”, so the owner knew they were infected and could seek disinfection. So, soon enough, we had ourselves a growing net of infected phones, all to the tune of a beloved singer, Rick Astley.

The process of searching the data network for vulnerable phones only works locally on your cellular provider. That means that it’s only really possible to infect phones that are geographically close to you or use the same connection range as you. However, there is one possible way around these containment parameters: changing cellular networks. In fact, something more complex must have happened for the worm to reportedly spread to New Zealand. A person with an infected phone must have traveled from Australia to New Zealand and connected to Vodafone. Luckily, the quick-thinking Paul Brislen took immediate action to help prevent the spread.

So, the Ikee worm is in New Zealand and you need to make sure your phone is not vulnerable, so what do you do? Although iPhonewzealand don’t support jailbreaking, we’re here to try and help the community. Here’s a guide to help make sure you are protected.

First off, devices which have not been jailbroken are not vulnerable. Yes, for once, keeping your iPhone virginity is a good thing. For the rest of us, a few measures need to be taken to secure our devices.

Change your root and mobile password

On your phone, open up Cydia and download MobileTerminal. This will probably be under the Developer tools flag. Once installed, open it up and you will see it has automatically logged into the user ‘mobile’. It’s not worth explaining all the inner workings of the OS so simply type in the following commands to change your password (full size images in gallery below):

Changing SSH passwords

  1. su root
    Enter alpine as password
  2. passwd
    Enter your new password into the field and the retype field. Note that no stars will appear but it is working.
  3. passwd mobile
    Same as above

You can now press the home button to close MobileTerminal.
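
A way to confirm the change took effect, as an added example that is not part of the original article: the script reads a master.passwd-format file and reports accounts that still carry a default hash, have an empty password field, or share one hash string (as root and mobile do on a fresh jailbreak). The function name, the sample lines and the hash strings are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the article). Audits a master.passwd-format file:
#   name:password:uid:gid:class:change:expire:gecos:home:shell
# Usage: audit_passwd FILE DEFAULT_HASH
# Prints DEFAULT <user>  - hash equals the known default hash
#        EMPTY <user>    - empty password field, no password needed
#        SHARED <u1,u2>  - identical hash strings, i.e. the same password
# Returns 1 if anything was reported, 0 if the file is clean.
audit_passwd() {
    awk -F: -v def="$2" '
        /^#/ || NF < 2 { next }              # comments, blank or malformed lines
        {
            user = $1; hash = $2
            if (hash == "") { print "EMPTY " user; bad = 1; next }
            if (hash == "*" || hash == "x" || hash ~ /^!/) next   # locked
            if (hash == def) { print "DEFAULT " user; bad = 1 }
            if (hash in seen) seen[hash] = seen[hash] "," user
            else { seen[hash] = user; order[++n] = hash }
        }
        END {
            for (i = 1; i <= n; i++)
                if (seen[order[i]] ~ /,/) { print "SHARED " seen[order[i]]; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: the hash strings are placeholders, not real hashes.
DEFAULT_HASH='PLACEHOLDERdflt'
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed master.passwd excerpt, before the passwords are changed
root:PLACEHOLDERdflt:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:PLACEHOLDERdflt:501:501::0:0:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
EOF

if audit_passwd "$sample" "$DEFAULT_HASH"; then
    echo "no default, empty or shared passwords found"
else
    echo "change the passwords reported above"
fi
rm -f "$sample"
```

This assumes the hashes are stored in /etc/master.passwd and that awk is available on the device; DEFAULT_HASH must be replaced with the hash string the jailbreak ships.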

Disable SSH when you are not using it

Users of the SBSettings application can obtain additional security against the threat. Download the SSH toggle add-on, which will enable you to turn SSH on and off in a flash through the usual interface. However, note that when you reboot the device the toggles will reset, so you will need to regularly check that you still have it disabled.

Toggle SSH through SBSettings

Once you have performed the necessary changes to your password and potentially SBSettings to allow for toggling, you are 100% safe from the worm. If you already have it, the easiest way to disinfect is to restore your device through iTunes to the latest firmware.

No harm can really come from the Ikee worm, except it may use up some cellular data when searching for other vulnerable phones. If you have it, I suggest turning off your device (hold down Sleep/Wake and the Home button and slide to power off) until you are able to plug it into iTunes and restore. This will help prevent the spread of the worm and save you some data charges!

So long to the days when we could breathe easy and know our devices were safe. The iPhone is an immensely popular platform and it won’t be long until more serious threats occur (if they haven’t already?). Be vigilant and be smart, and remember that breaking free from Apple with a jailbreak also renders their security and liability useless.

It is worth noting that Ikee was not the first person to exploit this security hole. The idea, so to speak, came from an attempt by a hacker in the Netherlands to render devices useless and charge a monetary fee to get them fixed. He eventually posted instructions on how to disinfect free of charge.

0 Comments

  1. alopes says:

    I don’t own a jailbroken iPhone but thanks for the valued info.

    (alopes has made 27 comments)

  2. Mak says:

    It’s spreading rapidly through Vodafone at the moment: http://twitpic.com/qydsp

    (Mak has made 41 comments)

  3. xescuy says:

    So I guess a lot of ppl got rickrolled. Well … could have been worse.
    I was actually wondering when would something like that happen.
    BTW “mobile” has the same pwd as “root” so if you’re updating one might as well do both. It doesn’t have root privileges but can still be a hassle if hacked.
    Thanks for the info and happy iPhoning.

    (xescuy has made 22 comments)

  4. Mak says:

    The article clearly states and demonstrates how to change both… cheers.

    (Mak has made 41 comments)
