An iPhone worm, dubbed “ikee”, has been found in the wild affecting jailbroken iPhones (iPhones hacked to allow installation of software other than through iTunes). The worm takes advantage of a weakness in jailbroken iPhones whereby ssh (secure shell) access is available with a widely-known default password. (Users who have changed the password are not vulnerable.) We recently discussed a Dutch hacker who was taking advantage of this same weakness, one which can allow full access to the contents of the iPhone.
This worm, however, was meant as a “prank”: it installs an image of Rick Astley as wallpaper, then turns off ssh (thereby making the “infected” phone safer), before sniffing around to try to find other phones to infect. Created by Ashley Towns, an unemployed Australian programmer, this “prank” seems to have gotten a bit out of control. While it can’t infect all jailbroken iPhones – some phone networks use NAT (network address translation) that prevents direct access to an iPhone using an IP address, and others block ssh packets on their networks – the worm seems to have spread outside its native Australia.
One way to protect against this exploit, as well as others that take advantage of the ssh weakness, is to change the root password for the iPhone. This page explains how to do this.
Intego VirusBarrier X5, with the latest virus definitions, detects this worm as iphone/sshgate.a to sshgate.d (there are currently four variants).