Following on from our last post, here is another development from the last few days: some jailbroken iPhone users found that their home screen background had changed on its own. If your jailbroken iPhone's background has automatically changed to a picture of Rick Astley (an '80s singer) with the words "ikee is never going to give you up", then you are most likely a victim of the ikee virus, which infects iPhones via SSH. The virus originated in Australia, written by a hacker named Ikee, and it is now quickly spreading to other parts of the world. If you have been affected, luckily there is no harm done, as this virus was more of an experiment than anything else.
ikee is basically a worm which infects an iPhone via SSH. Once an iPhone has been infected by ikee, the worm automatically starts searching for other iPhones on the cellular network that use the root:alpine username/password combination. Once it finds another vulnerable iPhone, it installs itself and begins the process again, and this goes on like a nuclear chain reaction. The ikee virus disables SSH access on your iPhone and changes the background image to that of “Rick Astley”, as can be seen in the screenshot above.
Here is an excerpt from a recent interview with the hacker Ikee, conducted over IRC:
First I was curious as to how far something like this would actually spread, I think what most people were unaware of is the fact it is a worm and every phone that got infected with it was spreading it (I initially only infected 3 phones; when I woke up I checked Google and found out a fair few people were hit with it). Secondly I was quite amazed by the number of people who didn’t RTFM and change their default passwords. I also didn’t think that many people would have not changed their passwords. I was expecting to see maybe 10~ or so people, at first I was not even going to add the replicate/worm code but it was a learning experience and I got a tad carried away. I heard a few stories about it, that would have been sheer luck, the code itself is set to firstly scan the 3G IP range the phone is on, then Optus/Vodafone/Telstra’s IP Ranges (I think the reason Optus got hit so hard is because the other 2 are NAT’d) then a random 20 IP ranges. I’m guessing a few phones hit a range that another vulnerable phone was on. I don’t think it was an Optus fault (Being an Optus user I quite like the fact I can access my iPhone services from the outside world), I think it was mainly the fault of people being too lazy to change their passwords (It only takes a couple of seconds guys) and I hope this taught a few people that.
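The propagation described above, an infected phone sweeping address ranges for SSH, shows up on a network as one source contacting many distinct hosts on TCP port 22 in a short time. The following fan-out detector is an added example, not code from ikee or from the interview; the record format, thresholds and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

SSH_PORT = 22

def find_ssh_scanners(records, window=60, min_targets=10):
    """Return {src_ip: peak distinct destinations} for every source that
    contacted at least `min_targets` distinct hosts on TCP/22 within any
    `window`-second span.

    records: iterable of (epoch_seconds, src_ip, dst_ip, dst_port), any order.
    """
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    peak = {}
    for ts, src, dst, dport in sorted(records):
        if dport != SSH_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        # Drop attempts that have aged out of the sliding window.
        while ts - q[0][0] > window:
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_targets:
            peak[src] = max(peak.get(src, 0), distinct)
    return peak

def sample_records():
    """Constructed flow records (RFC 5737 documentation addresses as targets)."""
    recs = []
    # Constructed: a handset sweeping a range for SSH, one attempt per second.
    recs += [(1000 + i, "10.0.0.5", f"192.0.2.{i + 1}", 22) for i in range(25)]
    # Constructed: an admin reconnecting to the same two servers.
    recs += [(1000 + 5 * i, "10.0.0.9", f"198.51.100.{1 + i % 2}", 22)
             for i in range(20)]
    # Constructed: 12 distinct SSH hosts, but one per hour (not a sweep).
    recs += [(1000 + 3600 * i, "10.0.0.7", f"203.0.113.{i + 1}", 22)
             for i in range(12)]
    # Constructed: many HTTPS destinations; ignored because the port is not 22.
    recs += [(1000 + i, "10.0.0.8", f"203.0.113.{i + 50}", 443) for i in range(30)]
    return recs

if __name__ == "__main__":
    for src, count in find_ssh_scanners(sample_records()).items():
        print(f"{src} contacted {count} distinct hosts on port {SSH_PORT}")
```

Only the sweeping handset is reported; the repeat admin connections, the slow client and the HTTPS traffic stay below the threshold.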
To protect your jailbroken iPhone or iPod touch from the ikee virus or any similar attack in the future, you must change your default SSH password now. Follow our detailed step-by-step guide posted here, which explains how to change your SSH password. Remember that securing your iPhone is your responsibility and yours alone; otherwise there are many hackers out there with brilliant minds who can easily infringe on your sovereignty.