1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

iPhone worm creator lands software job

Discussion in 'News' started by UKDarkstar, Nov 27, 2009.

Click here to banish ads and support Certforums by becoming a Premium Member
  1. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster


    iPhone worm creator lands software job

    The 21-year-old hacker who wrote the first iPhone worm has landed a job developing software for the phones.

    Ashley Towns wrote Ikee, a self-propagating program that changed the phone's wallpaper to a picture of 80s pop singer Rick Astley.

    Mr Towns has now been employed as a iPhone application developer for Australian firm mogeneration.

    Ikee was not malicious but paved the way for a more serious variant which targeted users of the online bank ING.

    "It leaves a nasty taste that he has been rewarded like this, yet has not even expressed regret for his actions," Graham Cluley of Security firm Sophos told BBC News.

    Mr Towns said that he had created the virus to raise the issue of security. He has not faced any criminal charges.

    Full story : HERE
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)


    1. michael78
      I'm off to rob a bank to see if they will give me a job as a security advisor. Crazy as this just says create havok and get employed. All virus coders when caught should go to prison as they cause damage and make people's lives a nightmare cleaning up the mess.
    2. dazza786
      I'm sorry but I agree with what has happened. It's the rule of the game and how things should be.
      Well done him!

      if you think about it.. if there wasn't any hackers making what they make, there would be no market for a lot of IT jobs.
    3. michael78

      ehh no he should be strung up by his balls and flogged. Hackers are spotty little oinks with no mates and little chance of getting layed so they sit in their rooms writing viruses to make the rest of us feel as pointless as their lives when we have to clean their hobby up. Maybe they should just get a life instead of cracking one off to writing a virus.
    4. simongrahamuk
      I agree.

      In order to successfully implement security you must know what you are trying to protect against.

      I do believe that he perhaps should have faced some kind of charge, but it happens time and time again, if you're good at something it gets you noticed. Beats having to write a CV. 8)
    5. dazza786
      jealous much?

      It was told that the application was harmless and basically rickroll'd their screensaver\today image. Why should he be 'strung up by his balls and flogged' when he obviously has the amazing intelligence to find such a vulnerability and create such a clever, interesting and never-done-before(don't quote me, i'm just going off the way the article suggested) worm.
    6. michael78
      I'm not jealous as I'm not a coder so not bothered. Regardless of his talents people like him cause damage and cost companies and less technical minded people time and money. Doesn't mean if you rob a bank and turn around and say I was just pointing out how bad security was that the bank should hire you as a security consultant.
    7. dazza786
      It is nothing in the slightest similar to robbing a bank
    8. Sparky
      Cool, Anti-Virus for iPhones now is it? :biggrin
    9. JK2447
      I'm not a fan of actual hackers getting developer or IT Security jobs. Sure they can have a lot of skill but I personally wouldn't hire a person who could show me they had hacked my site etc without written permission. My reason for this is that there are enough legal channels you can go through to learn how to become a superb hacker i.e. government schemes and non profit organisations that lay out a code of ethics.

      Take this kid for instance. I don't think he's done anything terrible but at the end of the day, he's created a worm that changes the desktop image on a device he doesn't own without its owners permission. I don't think he should be strung up for it and I admire his intelligence spotting how to do it BUT as an employer I'd doubt him on a personal level, nothing to do with his skill set, more to do with his morals and ethics.

      If he's willing to affect devices people own without their permission what else does he think its OK to do? He's thought this worm was OK. Will he think doing it again but supporting a religious or political image is OK?

      For these reasons I'd hire the guy with a Computer Science degree, a few years experience in a technical job for my IT Security role purely based on the odds that this guy is going to be more ethical. You take a chance on anyone as an employer but I prefer the odds of hiring a professional over a script kiddie.

      I also think why reward people who haven't been able to get into IT without hacking something and getting in the headlines? I admire anyone who's got into IT the hard way i.e. the way we all have, applications, interviews, certs etc. I'd hire a fella who was in the head lines for bringing down fraudsters, pedo's etc when he worked for a legitimate company personally.

      I realise I sound very opinionated on this subject but thats because I'm working hard as I speak to become an ethical hacker the right way i.e. through doing IT Sec work and going on courses etc. Trying to get on my firms Penetration Teating Team to get CHECK status and SC.

      The last thing I'll say is if I met this kid, I'd say well done on finding that vulnerability, but I have my baby son as my desktop image so if you change it I'll see you outside, good day.

      My 2 pence, bored and stuck in work all day running mainframe backups :(
      Last edited: Nov 28, 2009
    10. michael78
      Dazza, This type of stuff regardless of if it is malicious or not just opens the flood gates for more hackers to make something that can steal details or brick your device. It's already happened according to the article that they used his code as a basis for stealing peoples details in Holland so yes it is like robbing a bank and the kid should be prosecuted for it. I'm not saying if he didn't do it someone else wouldn't of but he's shown the way to others to progress his idea for more sinister means. If you have an IPOD/IPHONE and someone bricks it with a virus or steals your bank details would you be singing his praises?
      Last edited: Nov 28, 2009
    11. dazza786
      script kiddie is a term used about a person who has little knowledge on a vulnerability but uses the tools/scripts which have been created by an author to exploit its vulnerability... the guy in the above article is definately not a script kiddie... Us, however, doing the security route under the so called 'standard channels' will never ever be AS good as the people who author these exploits. we are the script kiddies! :)

      In an industry where technical security is taken absolutely seriously, I would assume that technical knowledge is near the top (if not the top) of the list of needs for a person in that type of role. Sure ethics are needed aswell, but what use is a person in an application security position if they're not the best BUT they think 'I won't hack my company:)'. That immediately proves that person not worth it, when there is another person who could ultimately exploit his/his teams work.

      In this case, I admit that these types of exploits are inconveniences to the end user but it is a massive accomplishment for the author, and how else to prove that it works than to release a 'harmless' worm which changes the background image. We don't know the full story, for all we know he could have pointed that vuln out to Apple in which they ignored or claimed wasn't there?

      Anyway, I've grown up learning about these kind of people and have no other feeling than admiration and envy for their ability.
      Last edited: Nov 28, 2009
    12. dazza786
      I would be complaining to apple for not securing my device enough and demand another. It's their problem, not mine. If they would have hired him.. this may not have happened :P
    13. JK2447
      I admire people with these skills too mate but the way I was brought up, its ALL about your ethics and character. If you aren't skilled enough you won't make it, simple as, because there are enough people in the world with good ethics and the IQ to do such a role, underground hackers aren't needed IMO. They can impress kids all they want but I'm about getting paid, and unless they do something illegal, they ain't getting paid and I am.

      Lets say this kid has pointed this vulnerability out to Apple and they did nothing about it. What gives hims he right to take the matter into his own hands? Who's he? Was anyone at all thankful to him for changing their desktop to show it could be done? I think people were pissed off you will find and in my book, 1 person pissing off thousands makes him an ass. I don't care how skilled he is, he's a bell end.

      If he showed the vulnerability out of the goodness of his heart why not put a youtube video up and tell as many people as you can about it rather than messing with other peoples property.

      Its all by the by anyway because tools like this kid are whats going to make me my fortune protecting company data so maybe I should thank him for my next Porshe :D

      Does this Australian firm think this kids a genuis? I very much doubt it. They are being business savvy and cashing in on the publicity and fair play to them. I live on the other side of the world and know about it so their business director deserves a pat on the back, but don't be fooled, this kid ain't all that. If he were he wouldn't need a job. He'd of made his own because you'll never get rich working for someone else IMO.

      You know I respect your opinion Dazza and my opinions are aimed at this kid and what he's done.
      Last edited: Nov 28, 2009
    14. dazza786
      That way, x amount of people will take the vuln into their own hands and as said in the article, use it for malicious things.

      Anyway, as pointed out, this thread is all about opinions. My love to all who posted theirs :p
    15. JK2447
      Exactly how I feel mate, I don't want to argue with anyone or say I'm right or their right cos its just an opinion.

      One thing I will say is kids like him will keep a lot of Security professionals in a job so thats good :D Kerching :biggrin
    16. Sparky
      Would have to agree. Also if the guy leaves the company or is sacked I would be concerned as he would know the IT infrastructure inside out. :eek:
    17. Modey
      Agree with what jk has said thus far.
    18. zebulebu
      Everyone's missing the point here. The kid obviously HAS ethics. He could have released something much, much more damaging - rickrolling the iPhone is a whole lot less damaging than bricking it (which he could easily have done with his exploit). Kudos to him for taking an alternative route into employment in the IT Security field.
    19. JK2447
      Excuse me but I think you are missing the point. He's changed something on other peoples iPhones against their will. You suggest people should be thankful it wasn't worse which I'm quite surprised about. How about he creates something useful to get into the IT Security field instead of showing he knows how to change peoples background picture. What use is that to anyone? A background picture is a personal choice and he's forced his on others. I think people giving him praise sends out the wrong message to wanna be's who will think they can hack their way into an IT career but thats just my personal opinion and I appreciate its not always popular.

    Share This Page