
There is a good deal of hype over the “
The ikee Worm story starts early Friday morning local time for those in Sydney (GMT +10). Written in C, the ikee project started out as a lesson in learning more about the
The ikee Worm has quickly become one of Australia’s most talked-about iPhone modifications online. The first sign someone has been hit by it is the stunning picture of Web meme and ’80s icon Rick Astley. Essentially, the iPhones were all Rickrolled in record time. Ash said that he has no way to know how many were hit by ikee, but he can guess that it’s more than the initial 100 that were directly infected from his iPhone.
The news spread like wildfire, thanks to coverage from Sophos and Mashable, as well as the rapid fire conversations on Twitter over the weekend. Users who have jailbroken iPhones or iPod Touch devices and an active SSH daemon running with root/alpine access are the only ones vulnerable to ikee. It’s important to note that ikee only targets jailbroken devices.
[Note: There are very few reports of iPod Touch devices being hit. Mostly this has affected iPhone users. I wanted to clear that up. -Steve]
The Worm will scan the 3G IP range the device is on and, depending on what it discovers, will attempt to infect other devices. What it is looking for are SSH daemons, which it will attempt to connect to. Once a device is infected, the Worm will disable SSH, alter the background of the device to Astley’s image, and leave the comment, “ikee is never going to give you up.” Most reports confirm that if the network you’re on uses NAT (Network Address Translation), you are safe.
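Because the only way in is a successful password login as root over SSH, the SSH daemon's authentication log is where that access would show up on an exposed device. The following is an added example, not part of the original article or of the ikee source: it assumes OpenSSH's usual syslog message format and that such logging is available, and the log lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH's syslog message format; addresses are
# placeholders from documentation/private ranges, not real hosts.
SAMPLE_LOG = """\
Nov  8 02:14:07 iPhone sshd[311]: Failed password for root from 198.51.100.23 port 49812 ssh2
Nov  8 02:14:09 iPhone sshd[311]: Accepted password for root from 198.51.100.23 port 49812 ssh2
Nov  8 09:30:41 iPhone sshd[402]: Accepted publickey for mobile from 192.168.1.10 port 50022 ssh2
Nov  8 11:02:55 iPhone sshd[455]: Failed password for invalid user admin from 203.0.113.9 port 40100 ssh2
Nov  8 11:03:20 iPhone sshd[460]: Accepted password for mobile from 192.168.1.10 port 50031 ssh2
"""

# Matches both outcomes and any auth method; "invalid user" is optional.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def triage(log_text, watched=("root",)):
    """Return (password_logins, failures_by_source).

    password_logins lists (user, source) for every successful *password*
    login to a watched account; key-based logins are ignored because a
    default password cannot be used to obtain them.
    """
    password_logins, failures = [], defaultdict(int)
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        if m["result"] == "Failed":
            failures[m["src"]] += 1
        elif m["method"] == "password" and m["user"] in watched:
            password_logins.append((m["user"], m["src"]))
    return password_logins, dict(failures)

if __name__ == "__main__":
    logins, failures = triage(SAMPLE_LOG)
    for user, src in logins:
        print(f"password login as {user} from {src} "
              f"(failed attempts from same source: {failures.get(src, 0)})")
```

Any hit for root from an address the owner does not recognise means the password should be treated as known to others and changed.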
There have been four variants of ikee, “Variants A-C were quite similar and the ones most people have bought up. Variant D is fair bit different; it stores its files in a completely different place and hides itself a lot more…” Ash said in an early interview on another site. [Transcript] That interview, and most of the talk centered on those hit by ikee, started here on the Whirlpool forums.
However, hype aside, no one seems to recall that by jailbreaking their devices and using the default username and password settings, those who were impacted by ikee allowed this to happen. Those who opted to enable SSH but changed the default password were immune to the attack. Not to mention, those who are upset over the “criminal act” seem to forget that jailbreaking the iPhone in itself is frowned upon.
This is why using jailbreaking tools is a double-edged sword. If you do not fully comprehend what you are doing, you can expose yourself to a lot more than a bricked phone.
What seems to be missing from a good deal of talk online is the fact that ikee did nothing malicious other than change the background image while adding a somewhat comical message. There is nothing being collected, as it “definitely does not call home or collect any information at all,” Ash said.
Considering the level of access that the default credentials allowed, any device vulnerable to this kind of attack can give up all kinds of interesting information.
We asked Ash to list some of the things malicious code could have accessed using the same attack he did. He explained that the address book, SMS messages, and pictures, as well as the purchased applications themselves, were all open, especially “E-Mails containing stored banking information.”
One thing Ash could have done, but didn’t, was demand a ransom. Just last week, users of jailbroken devices were held hostage for the sum of five Euros, after a Dutch hacker targeted the default SSH access. After the news spread of the attack on Dutch iPhone users, the ransom was dropped and instructions given to return the devices back to normal. The point is that ikee is the second attack in as many weeks on default credentials.
Once Sophos picked up the story, and the blog interview started to circulate, the source code for ikee was examined. While not really attempting to hide himself, Ash watched as links to his various social network accounts appeared online. We asked if he was shocked by this.
“That scared me quite a bit, the way it went from something so small to massive news so fast, I wasn't contemplating the attention. [It was] quite worrying….people are talking about how there could be legal problems and the likes, I was never planning on it to be like this.”
According to Paul Ducklin, Sophos's Head of Technology, Asia Pacific, "If he did write and set loose this virus on the network, he probably ought to be worried, since breaking into other people's computers isn't acceptable - even if they have chosen (or, in this case, Apple has chosen on their behalf) an effectively useless password.”
The problem is Apple has said that jailbreaking is illegal. While ikee is an Australian issue, here in the U.S. the legality is murky.
“Apple is opposed to [jailbreaking] because it will destroy the technological protection of Apple’s key copyrighted computer programs in the iPhone device itself and of copyrighted content owned by Apple that plays on the iPhone, resulting in copyright infringement, potential damage to the device and other potential harmful physical effects, adverse effects on the functioning of the device, and breach of contract.” [Source]
At the same time, the EFF asked, as a part of the 2009 DMCA rulemaking, that the Copyright Office add an exemption to the DMCA that would allow jailbreaking under the law. This, the EFF said, is because the courts have long recognized “…that copying software while reverse engineering is a fair use when done for purposes of fostering interoperability with independently created software, a body of law that Apple conveniently fails to mention.” [EFF Proposal]
The deciding factor for any legal claims may come from Optus and any of the other carriers who have had customers affected. However, those customers voided most of their contracts the second they broke those phones. So, considering the murky legality of jailbreaking in the U.S., the fact that what Ash did was harmless and is best compared to vandalism, and that he is only one of a long line of hackers who have released working code to demonstrate flaws, whether there are legal issues for him to sweat is anyone’s guess.
One thing Ash is glad of, when considering the hype, is that there is now strong attention on the default credentials being used on the jailbroken devices. The goal for the most part was to get people to change them, because “not doing it opens your phone up to so much.”
“I use the jailbreak applications myself and love them for what they have done dearly…users should really try to comprehend the risks of installing a service like SSH onto their phones,” Ash said.
With regards to the hype and FUD over the ikee Worm he added, "I could understand if this was an exploit in the software itself that users would have little to no control over, but this is something they have complete control over.”
"This time it wasn't malicious, but who knows what next time could bring? Lots of people put all of their trust in these devices. They store all of their personal information on them with applications, contacts, emails and more. If you jailbreak your device, just make sure you completely understand what you are doing.”