Jailbroken iPhones Ransomed by Dutch Hacker
On the other hand, we doubt jailbreaking will end life as we know it, as Apple believes.
According to a forum post, the hacker broke into jailbroken iPhones on T-mobile Netherlands. Typically, SSH is turned on for jailbroken iPhones, allowing a user to log in via Terminal and run standard UNIX commands.
However, if you want to do that, you really need to change the default root password. As is the case with many routers, which can be broken into the same way if unprotected, iPhones all have a default root password that many forget to change after jailbreaking.
Using this knowledge, the hacker then sent what appears to be an SMS message to the hacked iPhones that read, "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files." If a user visits the website (since taken down), he is directed the user to send €5 to a PayPal account, after which the hacker will e-mail instructions to remove the hack. Or you could just restore your phone and jailbreak again.
Of course, he's just trying to be helpful, he says. "If you don't pay, it's fine by me. But remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."
There are two ways to secure your jailbroken iPhone. You can turn off SSH when you are not using it (SBSettings is a well-known app for jailbroken phones you can use for this), and / or you can change your root password. For that, you can use MobileTerminal (another well-known app).
At any rate, this is just another warning to jailbroken iPhone users. While jailbreaking opens up a wealth of applications you can't get otherwise, there are things you need to be cautious about.
Comments
|
I'm sure there's some law that makes what he did illegal with a $3M fine and 20 year PMITA prison sentence. Which, is totally stupid. All he really did is the equivalent of checking peoples' car doors and when they're unlocked leaving a note on the windshield that that says "send me $5 to tell you how to take this note off your windshield and keep others from using your car!" A normal person would be "whew... at least someone truly malicious didn't take advantage of me first. I won't pay his $5, but I'll take 10 mins to read a website that tells me how to lock my car doors and get the note from under the wiper." If you're not smart enough to do that, and you have no friends that will show you: you should pay someone $5 to teach you how before some truly malicious a-hole come along. |
|
LOL... we knew it wouldn't be long before another guy came along and used the same prank for something a little more hilarious. Apparently someone decided to make a worm that uses the default ssh password to change the wallpaper to Rick Astley on unsecured phones. http://www.sophos.com/blogs/gc/g/2009/11/08/iphone-worm-discovered-wallpaper-rick-astley-photo/ |
Post a Comment
