Jailbroken iPhones: set free to get mugged

Ikee, the first iPhone worm for jailbroken iPhones, is just that: the first

A worm worms its way into some iPhones that have been jailbroken -- self-vandalized to run unauthorized software. But no worries, as they say in Australia, where the worm, called Ikee, was written by an out-of-work programmer who admitted he was a "little naive" about the resulting global digistorm.

Ikee changes the phone's wallpaper to a photo of 1980s pop singer Rick Astley (an echo of the "Rickrolling" phenomenon, which fooled Internet users into watching an Astley music video by masquerading as something else), and then looks for other vulnerable iPhones to infect.

That's a fairly limited number, to be sure. To be ikeed, an iPhone has to be first jailbroken; second, in a delicious irony, running the Unix SSH (Secure Shell) utility; and third, still using the default SSH password, 'alpine.' So far it seems to be limited to Australia. Symantec has a few more technical details on how it works.

This past summer, one hacker explored using SMS to crash or take over iPhones. Security experts are predicting SMS will prove to be a fertile field for enabling hacks of mobile phones of all types.

From reading some blogs and media coverage of the Ikee worm, I'm struck by the emphasis on minimizing this development. Ikee is a prank, it only changes the wallpaper, it's not too serious, it's only affecting Australia, it's only affecting jailbroken phones and so on.

Which is jarring when I consider the laudatory coverage of chest-thumping iPhone jailbreaks and unlocks -- where the iPhone is cut loose from AT&T to run on other GSM wireless networks. The general idea is that Apple is Big Brother, or at least your Mean Older Brother, and won't let you, you know, play with your toy the way you want to. There's a definite "real men jailbreak their iPhones" mentality. The most recent example is the blacksn0w program that unlocks the newest iPhone firmware from AT&T.

That same mentality plays out in terms of security. Jailbreaking the iPhone turns the user into his own security administrator. That's great if you're a security administrator, or a gifted hacker, or you just want to walk the wild side of mobile computing. But it's precisely what Apple's much-maligned walled-garden approach to mobile computing is intended to minimize. The vast majority of iPhone users praise the name of Steve Jobs for that.

Jailbreaking sets your iPhone free all right: free to get mugged by anonymous Dutch kids (one of whom exploited the same SSH weakness for his hack and then contacted his victims, offering to fix it for about $7 U.S.), unemployed Australian programmers and anyone else with the skills necessary to ransack your liberated phone.

Relying on the benign, or at least not too expensive, intentions of "good" hackers is not really a security strategy, or not a viable one anyway.

Maybe that's why there's so much hype around jailbreaking, and being free, and the Open Road of mobility. If you set other people's iPhones free, you can create a playground for your own entertainment, mayhem, and "public service" hacks even if, or especially if, they're unwelcome.
