A worm worms its way into some iPhones that have been jailbroken -- self-vandalized to run unauthorized software. But no worries, as they say in Australia, where the worm, called Ikee, was written by an out-of-work programmer who admitted he was a "little naive" about the resulting global digistorm.
Ikee changes the phone's wallpaper to use a photo of 1980s pop singer Rick Astley (an echo of the "Rickrolling" phenomenon which fooled Internet users into watching an Astley music video by masquerading as something else), and then looks for other vulnerable iPhones to infect.
That's a fairly limited number, to be sure. To be ikeed, an iPhone has to be first jailbroken; second, in a delicious irony, to be running the Unix SSH (Secure Shell) utility; and third, still using the default SSH password, 'alpine.' So far it seems to be limited to Australia. Symantec has a few more technical details on how it works.
This past summer, one hacker explored using SMS to crash or take over iPhones. Security experts are predicting SMS will prove to be a fertile field for enabling hacks of mobile phones of all types.
From reading some blogs and media coverage of the Ikee worm, I'm struck by the emphasis on minimizing this development. Ikee is a prank, it only changes the wallpaper, it's not too serious, it's only affecting Australia, it's only affecting jailbroken phones and so on.
Which is jarring when I consider the laudatory coverage of chest-thumping iPhone jailbreaks and unlocks -- where the iPhone is cut loose from AT&T to run on other GSM wireless networks. The general idea is that Apple is Big Brother, or at least your Mean Older Brother, and won't let you, you know, play with your toy the way you want to. There's a definite "real men jailbreak their iPhones" mentality. The most recent example is the blacksn0w program that unlocks the newest iPhone firmware from AT&T.
That same mentality plays out in terms of security. Jailbreaking the iPhone turns the user into his own security administrator. That's great if you're a security administrator, or a gifted hacker, or you just want to walk the wild side of mobile computing. But it's precisely what Apple's much-maligned walled-garden approach to mobile computing is intended to minimize. The vast majority of iPhone users praise the name of Steve Jobs for that.
Jailbreaking sets your iPhone free all right: free to get mugged by anonymous Dutch kids (one of whom exploited the same SSH weakness for his hack and then contacted his victims, offering to fix it for about $7 U.S.), unemployed Australian programmers and anyone else with the skills necessary to ransack your liberated phone.
Relying on the benign, or at least not too expensive, intentions of "good" hackers is not really a security strategy, or not a viable one anyway.
Maybe that's why there's so much hype around jailbreaking, and being free, and the Open Road of mobility. If you set other people's iPhones free, you can create a playground for your own entertainment, mayhem, and "public service" hacks even if, or especially if, they're unwelcome.
Cox is a senior editor at Network World.
The newest jailbreak
The newest jailbreak software is called BlackSn0w.
Black something or other
John W. Cox senior editor Network World
You're right! I mixed them up. Thanks.
I'm making the correction now.
someone sure is biased...
Look, the iphone makes a great PDA, and it has a lot of potential as a personal computing device. Apple is so strict about what they allow, they even reject an ebook about using the iphone, simply because it had the name iphone in it. Does this make sense? No, it doesn't. I don't mind being locked into AT&T (even though their service is horrible), but I do mind when the manufacturer of a computer tells me I am only allowed to run programs that "they" determine to be okay.
Oh, and I know and support a small community of friends and family (over 20+ people) using iphones, and not one of them is happy that apple does this.
Biased...
John W. Cox senior editor Network World
Anon, thanks for your comment, though I'm not sure why my post shows "bias?"
I don't know about the "ebook with 'iPhone' name" event. But there are now 100,000 applications in the App Store. Being strict and having a lot of applications are not mutually exclusive.
I appreciate that any number of users are unhappy that they can't load a particular favorite application on their iPhone, or as many of them as they'd like. But they're obviously not unhappy enough to scrap the iPhone, right?
How unhappy would they be if they loaded serious malware on it, or their liberated applications on their liberated iPhone stepped all over each other?
To me, it's only half-right to call the iPhone a computer. It's actually a MOBILE computer, which is different obviously in all kinds of ways from a desktop computer. Smaller screens, less RAM, less storage, less powerful CPUs and so on. These are constraints that applications have to live with, or live within.
There are plenty of really smart, tech-savvy people who can and want to manage and handle all this, without a strict, Mean Older Brother.
Are there any jailbroken iPhone users who want to comment? It would be interesting to know what the additional management and security management burdens are after the breakout, what if any security issues they've run into, and what they think of this iPhone worm.
it's
Hi,
text: A worm worms it's way
error: it's
fix: its
Thanks,
--arden