Viruses, malware, and malicious code in general are elements that have accompanied the evolution of computing since its earliest days. However, the arrival and popularization of Windows as the most used operating system and with serious security breaches made it a target highly attacked by hackers. The same began to happen with the appearance of Android, meanwhile, Apple users were very relaxed both on their desktop and mobile platforms.
This was so until 2009, when around the month of November, from Australia, reports began to be received from iPhone and iPod Touch devices, whose image on the lock screen changed to a photograph of British pop star Rick Astley.
“Ikee is never going to give you up”
When we think of malicious code, we imagine a program that puts any computer system and its users in serious trouble. In that sense, we think of things that range from the theft or hijacking of information to the possibility of leaving the devices unusable, but in this case it was not.
Reports from Australia indicated that an image of Rick Astley that could not be changed had been configured on the affected devices and a message that said: “Ikee is never going to give you up” which in Spanish says “Ikee is never going to leave you ”, Referring to the impossibility of changing the image.
In this way, the first iOS malware in history broke out, taking by surprise all Apple users who so far seemed armored to these attacks, but what happened? How could this little code sneak into so many computers?
Jailbreak and an SSH gap
The security of Apple computers was the envy of the other operating systems, recurring targets of all kinds of malicious code attacks. However, in terms of computer security, not everything is completely safe and the creator of the Ikee worm made this clear by noting where to enter your malware.
The victims were devices that had gone through the jailbreak process where the SSH protocol was also incorporated through the OpenSSH app. This protocol and its implementation through the app, provides the possibility of establishing remote connections with the device using the terminal. The problem is that when installing it, a default password is established that must be changed.
In that sense, Ashley Towns (pseudonym of the creator of Ikee) declared having scanned his local network one day, finding 27 iPhone devices, where only 1 had changed the default SSH password. This means that he was able to access 26 devices, so he developed the Ikee code to exploit this vulnerability.
A harmless joke? Or a blow to Apple’s security?
The situation Ikee went through was not really serious, that is, it was a malware that changed the wallpaper and nothing else. Their solution was as simple as changing the default SSH password to unlock setting a new image. On the other hand, if we look closely at the situation, we can notice that firstly, the affected devices went through the jailbreak process and also, their users did not change the default SSH key.
In this sense, from Apple jailbreak processes are not recommended and on the other hand, users made the mistake of not changing the default password. So, the actions occurred leave Apple out of the set of responsibilities of this issue.
What Ikee’s story leaves us is that changing a default password is crucial to protect us from any security problem. Additionally, the users were able to know that there are security breaches after the jailbreak processes that it is necessary to pay attention to avoid unauthorized accesses such as the generator by Ikee. Although the attack was harmless, it left the door open for both Apple, its users and even those who develop malware to understand everything that could happen with security breaches like these.