iPhone Rickroll exploit gets nasty, can now steal personal data

by Lee Mathews on November 11, 2009 at 02:00 PM

What started out as a mostly harmless annoyance coded by a young Australian lad to mess with his friends has turned ugly [Insert your own Rick Astley joke here].

Intego reports that the exploit used by the ikee worm - which only swapped out users' iPhone wallpaper for a mugshot of the ginger king of the 80s - is being used to steal personal data from affected devices.

The worms are only a concern for those running jailbroken iPhone and iPod touches, of course. Still, even at Intego's estimate of 6-8% of those devices being jailbroken that puts the number at risk at well over 2 million.

It's simple enough to protect yourself - all you have to do is change your root password to something other than the default 'alpine.' Our friends at TUAW posted the following instructions:
Type: ssh root@(iPhone IP address)
When prompted for the password type: alpine
Now you're connected the phone...
type: passwd
It should then prompt your for a new password -- type one that you'll remember. There's no easy way to reset it if you forget it.
Turning off SSH is an option, too, but you should still change the password as well.