Jailbreaking sidesteps other Apple-created security defenses for the iPhone, including the "sandbox" that applications are restricted to when they run. "Sandboxing prevents apps from doing things like accessing other apps," noted Miller.
And jailbreaking an iPhone also gives hackers a much easier entry into the iPhone's operating system, which is a bare bones version of the Mac OS X operating system Apple uses for its laptop and desktop computers. "The iPhone's OS is really stripped," said Miller. "There's no shell, for example. So for an attacker, normal shell code doesn't run on an iPhone that's not been jailbroken."
In fact, some of the earliest exploits written for the iPhone assumed that the phone had been jailbroken.
"Apple made it really hard to break into the iPhone," Miller said, citing a layered defense that includes DEP (data execution prevention). "But jailbreaking breaks all those, including DEP," he added.
The ikee worm may be the first on the iPhone, but Miller's betting that it won't be the last. "There's not a lot of mobile expertise out there yet," said Miller. "But as that changes, we'll see more and more exploits, and worms are built on exploits."