Over the weekend, researchers at cybersecurity firms Sophos and F-Secure detected the world's first active iPhone worm, spreading among Apple smart phone users in Australia. Only users who have "jailbroken" their phones--altered them to run applications not authorized by Apple--are vulnerable, and among those, only those who failed to change their default password for a secure shell (SSH) application that allows file transfers between smart phones.
The payload of that unwelcome program? Not a password-stealing keylogger or spam-sending software, but a switch of the user's operating system wallpaper to Astley's face, along with a message: "ikee is never gonna give you up." (Astley's 1987 song of a similar name has been at the center of a viral "rickrolling" Web phenom, in which users trick friends into clicking on a YouTube link to Astley's hyper-cheesy music video.)
Since the iPhone's advent, cybersecurity researchers have warned that its popularity would lead to new interest in smart phone hacking by cybercriminals. In July, Apple cybersecurity guru Charlie Miller showed at the Black Hat Conference in Las Vegas that a text message vulnerability in the phone would allow hackers to take control of the phone and use it to propagate more attacks, quickly spreading from iPhone to iPhone. Apple patched the flaw the day after Miller revealed it.
Researchers haven't estimated how many phones have been infected with the rickrolling "ikee" worm. But it's likely far fewer than would have been affected by Miller's text messaging vulnerability. Though around 4 million iPhone users have jailbroken their phones, according to mobile analytics firm Pinch Media, only a much smaller subset have likely failed to change their default password.
Text and images: Copyright Forbes.com. Any unauthorised reproduction is prohibited.