World's first iPhone worm Rickrolls angry fanbois

iPhone owners in Australia awoke this weekend to find their devices targeted by self-replicating attacks that display an image of 1980s heart throb Rick Astley that's not easily removed. The attacks, which researchers say are the world's first iPhone worm in the wild, target jailbroken iPhones that have SSH software installed …


This topic is closed for new posts.


  1. Law

    give the guy a medal... sorta

    He's actually doing the jail-breaking community a favour - ok, so having the worm reset the pic to ricky is a tad mean and unnecessary, but I guess it forces the kind of person who leaves their default password on to really think about what their phone is actually doing.

    I'm waiting for my Dext to be delivered - once it turns up, my jail-broken iPhone is gonna be wiped and sold... although I should point out not because of this worm!! :)

  2. Anonymous Coward

    Don't break out of jail

    unless you know what you are doing and that probably rules out 98% of mactards. Leave well alone what you don't understand. The unix guys hack away and lock down the SSH if you need it or bin it.

  3. gollux

    Bout time...

    If you're gonna jailbreak, ya gotta be smart enough ta change the passwords.

    No lame haxxorz need apply...

  4. Il Midga di Macaroni

    The old, old story

    One more case of the old, old story. If you don't take security seriously, you're at risk.

    Security by Obscurity (ie running a less common OS for which there aren't as many worms in circulation) is only good up to a point.

    Moral of the story: if you don't know anything about computer security, find someone who does.

  5. Kevin 6


    he should have had it also change the ringtone to Never gonna give you up

  6. David Simpson 1
    Thumb Down


    It certainly plays right into Apple's hands, making sure it's in people's best interest to leave Apple in control of their iPhones.

    Not that Apple would create and infect their own handsets with a virus that only attacks jailbroken phones, of course not :P

  7. Anonymous Coward

    Old News

    We identified this issue a while ago... Interesting to see that it has now been exploited...

  8. Nordrick Framelhammer
    Thumb Up

    Finally, a use for the Rickroll

    Using it to humiliate Jobsientologists. What a shame it didn't set an alarm that played that song every 15 minutes. That would cause a lot of crushed imaposerPhones

  9. Bruce Hoult

    "jailbreak" does not imply "ssh"

    Jailbreaking doesn't by default install the SSH server. You have to do that yourself, presumably because you want to use it.

    So the instructions given for changing the password are a bit silly. No need to install MobileTerminal specially. Just ssh in over wifi (it's why you installed ssh, right?) and run "passwd".

    It's hard to believe that anyone who knows enough to want to SSH in to a Un*x system doesn't know how to change a password.

  10. Charles 9 Silver badge

    Why don't the jailbreak progs...

    ...simply disable SSH when they're done?

  11. Peter 39

    fix story title

    This is NOT an iphone worm and it's incorrect and inflammatory to claim that. It's a work targeting the jailbreaks, nothing more

  12. Anonymous Coward


    So a hacked system is insecure --- what a surprise

  13. Winkypop Silver badge


    That's all...


  14. Antti Roppola

    Ear worm

    So I guess this means Rick Astley is officially an Ohrwurm (earworm).

  15. Alan W. Rateliff, II
    Paris Hilton

    Blanket solution will piss off administrators

    I can easily see where providers like AT&T would, in an attempt to prevent this worm from spreading, block port 22. This will, of course, deny many system administrators access to a legitimate tool.

    I just hope AT&T will be smarter about it. Maybe block port 22 INCOMING, if they are going to do anything at all. To a large degree, I am surprised they do not block incoming connections, anyway.

    Paris, prefers open ports.

  16. hikaricore
    Thumb Up



  17. Anonymous Coward


    "display an image of 1980s heart throb Rick Astley that's not easily removed."

    Much like the national conscience, *shudder*.

    Seriously though, why the hell do consumer devices have to have default root/admin/super-user passwords? If they never need to be changed you simply ask the user to setup a one time super-user/top-dog password which they need to write down somewhere safe and never reveal to anyone! Then they set up their own password, job done!

    If you've an IQ large enough to understand the workings of a complex communication gadget, then I am sure you can cope with coming up with two passwords! Even if they are the same one, at least it's not simply the same password across 20 million devices!

  18. MidnighToker

    PermitRootLogin = no

    Seems obvious on (nearly) every sshd install.
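
An added example, not part of the thread or of any commenter's post: a small offline audit of an sshd_config for the settings raised in these comments (PermitRootLogin, password logins, port 22, a restricted account list). The sample config is constructed, the function names are hypothetical, and the stated defaults for PasswordAuthentication and Port are OpenSSH's.

```python
import re

# Constructed sample config for illustration (not taken from any real device).
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
# The next line is ignored: an earlier line already set this keyword.
PermitRootLogin no
PasswordAuthentication yes
Match User backup
    PermitRootLogin no
"""

def effective_globals(text):
    """Return {keyword: value} for the global section; the first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept "Keyword value" and the "Keyword = value" spelling.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "match":
            break  # conditional blocks follow; the global section ends here
        settings.setdefault(key, value)
    return settings

def audit(text):
    """Return findings for the settings discussed in the thread."""
    cfg = effective_globals(text)
    findings = []
    root = cfg.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin unset: result depends on the build default")
    elif root.lower() == "yes":
        findings.append("PermitRootLogin yes: root can log in with a password")
    if cfg.get("passwordauthentication", "yes").lower() == "yes":
        findings.append("PasswordAuthentication enabled: a default password is reachable")
    if cfg.get("port", "22") == "22":
        findings.append("Port 22: listens where automated scans look first")
    if "allowusers" not in cfg:
        findings.append("AllowUsers unset: logins are not limited to named accounts")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The audit reads only the global section; settings inside `Match` blocks apply conditionally and need a separate review.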

  19. Bad Beaver

    I certainly


    We need an option to combine icons, as this is both thumbs up, thumbs down, WTF, FAIL, AND I'll drink to that.

  20. blackworx
    Thumb Up


    "if owners haven't bothered to change their root password, they represent a gaping hole waiting to be exploited"

    there, fixed

  21. Greg J Preece


    "This is NOT an iphone worm and it's incorrect and inflammatory to claim that. It's a work targeting the jailbreaks, nothing more"

    Oooh, a touchy Mactard there.

    It's a program that targets the jailbreaks on which phone?

  22. Keith Oldham

    Why set port to 22 ?

    Don't know about the iphone but I never set the SSH port to 22 or anything like. My router logs over many months show 4-5 attempts a day to connect to 22 but none to the actual port.

    But I guess if you don't know enough to change the password .....

    I use a non-trivial account name as the only allowed connection + 20 char hideous password generated from a simple passphrase by a little password protected C program, whose source code and executable is protected by having permissions set to x only and owned by root.

  23. Anton Ivanov

    Re: Arrrghh!

    Quote: Seriously though, why the hell do consumer devices have to have default root/admin/super-user passwords?

    They do not. And apple did not. It used what should be used to manage consumer devices - certificates and public keys. The password is not accessible and not exposed in the default config. It becomes an issue only once you have hacked the iPhone. Prior to that authorisation to install software, etc is all done via public key cryptography. As far as having different passwords per device, I do not quite see the justification on wasting software development effort on this if it is not an interface that will ever be exposed to the user.

  24. Daemon ZOGG


    If it runs software, it probably has a default password somewhere. Mostly, in Operating Systems, Security based software(i.e. ssh, firewalls, anti-virus, content filters, etc).

    The software in Network Routers (wired or wireless), DSL Modems, VPN hardware, AND YES.. Mobile Phones are just a few fine examples.

    Failure to change the default password for your device/pc, or the software within it, will at some point teach you a very disturbing lesson about security.

    So. TWO VERY IMPORTANT THINGS we all learned from what happened in Australia?

    It CAN happen to YOU too. AND MOST IMPORTANTLY :





    Arrrrrrrrr!!! " };> "


  25. Nick L

    @Charles 9

    Thing is, they don't even install SSH by default. You need to manually install SSH, and the process tells you that you need to change the root password.

    Jailbreaking has been made easy, which is good. Out of the box, I believe a jailbroken iphone is secure.

    People have to choose to install. If you're doing this you should understand why you're doing it, and also understand the implications. If you do install, don't change passwords and merely get rickrolled, you have been hugely lucky!

  26. Anonymous Coward

    @Peter 39: What is a worm?

    "This is NOT an iphone worm and it's incorrect and inflammatory to claim that."

    Admittedly from Wikipedia:

    "A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention."

    Sounds like what's happening here, and it's only affecting iPhones. That makes it an iPhone worm.

    It might be inflammatory, but it's certainly not incorrect.

  27. Anonymous Coward
    Paris Hilton

    @Peter 39

    'This is not an iPhone worm'

    Smells like a turd, looks like a turd, runs on a turd, yup, it's an iPhone worm.

    Or are you saying that a jailbroken iPhone isn't an iPhone anymore?

    Paris, she's got a clue at least...

  28. Anonymous Coward


    Rick Astley?

    A 1980's heartthrob?

    That is a bit over-ubiquitous isn't it?

  29. studentrights

    Just shows that Apple was right...

    The lock down with a secure AppStore is there for a reason.

  30. phoenix

    @By Peter 39

    The last time I checked, self-replicating code that spreads itself with no user intervention (clicking on an exe) is a worm. Sophos (who should know) back me up on this one. But you are right in one respect: it is not meant to be harmful, only a public proof of concept.

  31. Steve Brooks


    "So a hacked system is insecure --- what a surprise"

    Well actually no, any system that has a "default" password that isn't prompted to be changed automatically on first use is insecure. On first turning on an iphone the correct procedure should be to prompt people to enter their own password and thus replace the default password. The insecurity is built into the system, much like windows, surprise!

  32. Doug Glass

    Oh Fanboys .....

    Did somebody pick on your wittle phone? Awwwww ..... mommie will make it all better; yes she will.

  33. Andy 70
    Thumb Up


    May i second that motion, and follow it up with my own, additional;


    Many Thanks.

  34. Anonymous Coward

    Mactards get back in your locked cage

    Or get a virus scanner - there's an app for that... oh wait...

  35. TeeCee Gold badge


    Being made to feel like a complete n00b for not changing passwords?

    There's an app for that.

  36. Piers

    "I foolishly had forgot to change my root and user password last time i had jailbroke my phone"

    says. it. all. foolishly.

  37. McMoo

    Written by Apple

    I wonder if Apple is making a point?

  38. Anonymous Coward

    To all the flamers...

    ... who think it is an iPhone worm and are busy mocking others, consider this. I've taken a Linux build, heavily modified it, left an SSH daemon running on default ports with a well known password and suddenly find myself owned. Do I have a leg to stand on by running (or hopping) to the Linux community or the media shouting "I've found a Linux exploit!!"?

  39. David 34

    The title should be qualified by jailbroken iPhones

    Well, what do people expect?

    If you hack a device, install proper security measures and stop bitching about the manufacturer.

    Like it or loath it, Apple's default setup on those phones is secure. This stuff is totally beyond their control and it's rather unfair to suggest that it has implications for iPhones.

    Apple could prevent some of this kind of nonsense by selling the damn things SIM free without ball-breaking contracts and network lock-ins.

    However, in the interim, their product is an iPhone, with their software on the networks that they have agreements with, and not anything else.

    That situation will only change when competition increases. We are really only starting to see the emergence of competing platforms, the iPhone has a couple of years' head-start.

    Google Android, Nokia's Maemo and perhaps Palm Pré (but it's a remote perhaps) will undoubtedly shake up the market quite a lot and Apple will inevitably relax some of its policies as it will become more concerned about shifting phones and apps than getting money out of network operators.

    i.e. we will quite likely see a more iPod like strategy as the touch-screen smart phone with apps becomes a more generic and widespread device.

  40. Georgees

    First thing I did after jailbreaking...

    Was turn off SSH. It's a toggle switch ffs.

  41. Anonymous Coward
    Thumb Up

    @Steve Brooks

    > any system that has a "default" password that isn't prompted to be changed automatically on first
    > use is insecure. On first turning on an iphone the correct procedure should be to prompt people
    > to enter their own password and thus replace the default password.

    What part of "SSH isn't installed on iPhones by default, the user must first HACK the phone, then must CHOOSE to install it themselves" didn't you understand?

    How can you change the password for SSH on the iPhone when first turning it on, if SSH ISN'T INSTALLED IN THE FIRST PLACE? Duh!

    Jeez, some people are idiots, and you even put your name to your comment.

  42. Adam Salisbury

    @AC 10:13

    No you don't.....but it's still an exploit! If someone else were to gain control of, or negatively influence your system then by definition, it has been exploited. Deliberately/negligently failing to secure a system does not exemplify the hole from being an exploit.

  43. Remy Redert

    re: To all the flamers

    No, but if hundreds or thousands of people all do that and someone writes a piece of software that takes advantage of that and self-replicates over the network without user interaction, that IS a linux worm. And it's an iPhone worm, not an exploit, that we're talking about here.

    Incidentally, doing that and running to the linux community for help is likely to result in a lot of laughter, after which someone might help you.

  44. Anonymous Coward


    So some stupid people who hacked their Iphones and didn't change the passwords are having problems. This isn't news, it would only be news if it happened to Iphones that hadn't been meddled with.

  45. Anonymous Coward

    not much a scare

    I think this highlights the issues of using jailbroken iphones without really knowing what you're doing or being complacent.

    Most users will not have a jailbroken phone, and those that choose to jailbreak it, should have the technical knowhow to keep it safe, especially if you install OpenSSH on the thing.

  46. James 47
    Thumb Up

    Is this the first true mobile phone worm?

    The only other one I can think of is Cabir which only installs when the user chooses 'Yes' three times. This one, from what I can see, requires no user interaction to get installed.

    Apple Fail.

  47. PirateSlayer


    I am seeing a trend in Apple product user's regard for their fellow (less intellectually endowed) users.

    Apparently, if something goes wrong with an apple product for any reason, the user is a cretin.

    Apple user enables guest account and it overwrites their main account: user is a cretin

    Apple user jailbreaks their phone and does some wizardry: user is a cretin.

    I wonder which Apple product will be affected next. In any case, I know that whatever the problem is, the user will be to blame...and probably a cretin.

  48. ThomH Silver badge

    @Greg J Preece

    It jailbreaks the iPhone, a device owned and used by both Mac and Windows users, and supported on both platforms. So, ummm, iPhonetards? Oh, and iPodTouchTards, too.

    I wouldn't be surprised if the majority of iPhone owners are also Mac owners, but I would be surprised if the majority of iPod Touch owners are. There's just too many of them about.

  49. phoenix
    Jobs Horns


    The iphone is based around FreeBSD and by default you cannot login as root over ssh on true BSD, you need to login as a user with wheel group membership and have to su up to full root access. Something must be a bit wrong with the Apple implementation of this daemon

  50. Anonymous Coward

    How does this work exactly?

    I'm thinking it can't possibly work over the 3G connection as no ports are forwarded to the shared IP, or is it shared?

    Then that only leaves WIFI to a trusted network. If you don't have any firewalls set up you deserve to be hacked...

