November 10th, 2009

Source code for ikee iPhone worm in the wild

Posted by Dancho Danchev @ 7:31 am

Categories: Apple, Botnets, Hackers, Malware, Viruses and Worms, iPhone

Tags: Apple iPhone, Worm, Cyberthreats, Smart Phones, Viruses And Worms, Security, Consumer Electronics, Personal Technology, Dancho Danchev

Following last week’s systematic exploitation of jailbroken iPhones in the Netherlands through a technique originally discussed in 2008, a 21-year-old opportunist has recently launched the first iPhone worm, this time targeting customers of Australian mobile carriers.

Upon successful exploitation of devices running SSH with default passwords, the worm would announce its presence by changing the wallpaper to a new one featuring pop-star Rick Astley.

Despite the author’s intention to raise awareness of the issue, the code for the “awareness-building worm”, originally released as “closed source”, has now leaked in the wild, with several modifications already capable of stealing a compromised iPhone’s contacts and SMS messages.

In a published interview, the author of the iPhone worm states that his iPhone alone has already infected 100+ devices, and comments that international propagation “would have been sheer luck”, since “the code itself is set to firstly scan the 3G IP range the phone is on, then Optus/Vodafone/Telstra’s IP Ranges (I think the reason Optus got hit so hard is because the other 2 are NAT’d) then a random 20 IP ranges. I’m guessing a few phones hit a range that another vulnerable phone was on”.
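Seen from the network side, the scanning the worm's author describes shows up as a single handset contacting many distinct addresses on TCP port 22 (SSH) within a short time. The sketch below is an added example, not part of the original post or of the worm's code; the flow-record format, the addresses, the 60-second window and the threshold of 20 are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def constructed_flows():
    """Constructed sample records: 'ISO-timestamp source destination dest-port'."""
    t0 = datetime(2009, 11, 8, 10, 0, 0)
    rows = []
    # One handset trying SSH against 30 consecutive addresses, one per second.
    for i in range(30):
        rows.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 10.20.0.5 10.20.1.{i + 1} 22")
    # An ordinary SSH user reconnecting to the same server every five minutes.
    for i in range(6):
        rows.append(f"{(t0 + timedelta(minutes=5 * i)).isoformat()} 10.20.0.9 192.0.2.10 22")
    # Unrelated web traffic, ignored by the detector.
    rows.append(f"{t0.isoformat()} 10.20.0.7 198.51.100.4 443")
    return rows

def find_ssh_sweepers(lines, port=22, window=timedelta(seconds=60), threshold=20):
    """Map each source to its peak count of distinct destinations contacted on
    `port` inside any `window`, keeping only sources at or above `threshold`."""
    per_src = defaultdict(list)
    for line in lines:
        ts, src, dst, dport = line.split()
        if int(dport) == port:
            per_src[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        in_window = defaultdict(int)   # destination -> hits inside the window
        start = best = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Slide the window forward, dropping destinations that aged out.
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, peak in find_ssh_sweepers(constructed_flows()).items():
        print(f"{src}: {peak} distinct SSH destinations within 60s")
```

A carrier or Wi-Fi operator would feed this real flow or firewall logs and tune the window and threshold to its own traffic.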

Interestingly, in recent poll results, 76% of the people who voted believe that “He’s done iPhone users a favour. This was an acceptable way to raise awareness of poor security”. I wonder what their attitude would be if they knew that several modifications and customized modules are already capable of stealing their SMS messages and contacts, potentially using them for fraudulent activities.

What do you think: did the teenagers that launched these attacks during the last two weeks do someone a favor, or did they actually start a short-lived trend, with malicious copycats already looking for ways to exploit the potentially hundreds of thousands of jailbroken devices using the easy-to-find 3G IP ranges?

TalkBack.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.


Most Recent of 21 Talkback(s)

Even if so
There's still no need to leave it turned on. And with the default password to boot!
Posted by: AzuMao Posted on: 11/15/09