iPhone users who have jailbroken their handset to install third-party apps have fallen victim to a virus created by an Australian hacker that alters the phone's wallpaper to a picture of singer Rick Astley.
The hacker, Ashley Towns, a 21-year-old from Wollongong, south of Sydney, claimed the virus was a "harmless" practical joke.
The virus relied on the iPhone user leaving a default password unchanged after installing the software that allows them to run third-party apps.
It scanned the IP address range an iPhone was on and then a "random" 20 IP ranges from the American Registry for Internet Numbers (ARIN), Towns said.
The virus had spread to hundreds of iPhones nationwide by early yesterday and has since gone global.
It followed a similar virus where a hacker demanded users pay a fee of five dollars for its removal. But Towns was not demanding money from his version.
iPhone users flooded online forums including Whirlpool reporting the virus as early as Friday.
"I woke up this morning to find that the wallpaper on my jailbroken [iPhone] 3GS had been changed to a picture of Rick Astley (some 80's singer?) with the words 'ikee is never going to give you up'," wrote Whirlpool internet forum user sierralpha.
"Same thing is happening to me," wrote another Whirlpool user jmaust72.
Creator Towns said he "wasn't intending" the virus to spread as far as it did.
Towns, who goes by the alias of "ikee" and other variants, said he hacked the iPhones to "have fun". He hoped affected users would also see the "fun" side.
"I guess the immature side of me kicked in at first," Towns said. "And Rick-rolling is always a way for a cheap laugh.
"I wanted to have fun, and I did."
But some Whirlpool users failed to see the funny side.
"This is a bit of a jerk move," wrote Whirlpool user adamiam.
"Like, yes his justification for doing this was that it will prompt people to secure their iPhone, but it's still quite annoying".
Some users had private photos - which had previously been set as their wallpaper - sent to other user's iPhones.
And other affected users claimed the virus had resulted in excess data usage bills.
Towns admitted pictures of loved ones - in one case an iPhone user's child - had been sent to other iPhones infected by the virus.
"That was a flaw in the first variant [and I] didn't quite think things over too much," said Towns.
"I hope no one got anything too private".
Towns also conceded he had "never thought" about whether the virus would cost users in excess download fees - and in turn higher bills.
"It would be weird if it ... started on the 6th [of November] because ... my billing cycle ends on the 6th and I checked my bill today and I am $200 over my cap, which I think is impossible," alleged one Whirlpool user, JoshuaSpence.
"Worried" about legal fallout
At first Towns claimed he was "aware" of the legal implications of creating the virus but was "not concerned" by them.
He later said on Twitter that the media coverage had gotten him "worried".
Towns said his own iPhone had infected over 100 iPhones. But he couldn't say how many iPhones had been infected by other iPhones.
Towns also said he originally intended to have a user's ringtone changed to singer Rick Astley's 1980s hit Never Gonna Give You Up. He said, at the last minute, he couldn't find an audio converter that made that possible.
Hacks like this have seen Apple respond by cautioning users against installing software that jailbreaks the iPhone's operating system.
"Customers who have installed software that makes these modifications have encountered numerous problems in the operation of their hacked iPhone or iPod touch," states Apple's website.
Apple recently posted a job listing on its website for an "iPhone OS Platform Security Manager" to oversee a team "focused on the platform security of iPhone OS" and ensuring "secure booting and installation of the OS".
It was believed the job was to secure the iPhone from being jailbroken.
Issue: 336 | March 2015
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.