iPhone Hacker Proves That Crime Can Pay


The Australian hacker who developed the first worm for the iPhone has been rewarded for his efforts with a job at an iPhone application development company.

According to reports on the BBC, and from security researcher Sophos this week, 21-year-old Ashley Towns announced his employment via Twitter. He is reportedly taking up a position with Australian iPhone application developer mogeneration, which has created games including Moo Shake.

The effects of the worm created by Towns were relatively benign – it changes the handset’s wallpaper to an image of 1980s UK pop crooner Rick Astley – but Sophos warned in a statement in early November that the source code has been published online and could be used to create a more destructive attack. The virus, known as the ikee worm, is also only able to penetrate so-called “jailbroken” iPhones that have been opened to allow them to be used on any network.

For its part, mogeneration does not appear to be overly concerned about the ikee worm. In early November the company issued a statement saying it was the news reports about the worm that behaved “akin to a virus”. “mogeneration would like to offer some commentary on the Rick Astley virus news stories that are currently spreading like, well, a virus,” the company stated. “If you bought your phone from a phone company and just use the iPhone to make calls, listen to music, take photos and use apps from the app store then you will NOT be affected by the virus.”

Mogeneration is also highly critical of jail-breaking iPhones. “It’s akin to taking the lock off the front door or disabling your car’s airbag, you can do without them but they were there for a reason,” the company states.

But Sophos’ predictions about Towns’ work being used for a more serious attack appear to have been borne out by the recent arrival of the Duh worm, which “attempts to convert iPhones into a botnet and steal financial information”, according to Graham Cluley, senior technology consultant for Sophos.

“Let’s not forget that his worm not only made unauthorised modifications to the iPhones of its innocent victims (requiring a fiddly repair), and contained some elementary bugs, but it also provided the template for the more dangerous Duh worm which attempts to convert iPhones into a botnet and steal financial information,” said Cluley.

The Duh worm, or ikee 2 as it is also known, is specifically targeting people in the Netherlands who use their iPhones for internet banking with Dutch bank ING, according to reports earlier this week from another security specialist, F-Secure. F-Secure research director Mikko Hypponen told the BBC that the worm is capable of jumping from phone to phone among owners using the same Wi-Fi connection.

Commenting on mogeneration’s decision to hire Towns, Sophos’ Cluley said he did not object to hackers being given a second chance but was more concerned about the lack of remorse or an apology. “Don’t get me wrong – I don’t think virus writers shouldn’t be allowed to rehabilitate and do something worthwhile with their lives,” Cluley wrote on his blog. “But it jars with me that Towns has shown no regret for what he did, and that now his utterly irresponsible behaviour appears to have been rewarded. Will Towns be offering a token $5 compensation to all those he infected for the inconvenience he caused? I doubt it.”

Aside from any issues of irresponsibility on Towns’ part, Cluley questioned his abilities as a coder. “There are plenty of young coders out there who would not have acted so stupidly, are just as worthy of an opportunity inside a software development company, and are actually quite likely to be better coders than Towns who made a series of blunders with his code,” he said.

The use of Rick Astley in the ikee worm refers to the harmless internet meme of “rickrolling” – pointing unsuspecting users to a video of Astley singing Never Gonna Give You Up, instead of any other link.