Jailbroken iPhones Ransomed by Dutch Hacker
There's one thing Apple is right about with respect to jailbroken iPhones: they are less secure. At least, unless you take some precautions, that is. A Dutch hacker took advantage of that situation, but all he really wanted was some pocket change.
On the other hand, we doubt jailbreaking will end life as we know it, as Apple believes.
According to a forum post, the hacker broke into jailbroken iPhones on T-mobile Netherlands. Typically, SSH is turned on for jailbroken iPhones, allowing a user to log in via Terminal and run standard UNIX commands.
However, if you want to do that, you really need to change the default root password. As is the case with many routers, which can be broken into the same way if unprotected, iPhones all have a default root password that many forget to change after jailbreaking.
Using this knowledge, the hacker then sent what appears to be an SMS message to the hacked iPhones that read, "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files."
If a user visits the website (since taken down), he is directed the user to send €5 to a PayPal account, after which the hacker will e-mail instructions to remove the hack. Or you could just restore your phone and jailbreak again.
Of course, he's just trying to be helpful, he says. "If you don't pay, it's fine by me. But remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."
There are two ways to secure your jailbroken iPhone. You can turn off SSH when you are not using it (SBSettings is a well-known app for jailbroken phones you can use for this), and / or you can change your root password. For that, you can use MobileTerminal (another well-known app).
At any rate, this is just another warning to jailbroken iPhone users. While jailbreaking opens up a wealth of applications you can't get otherwise, there are things you need to be cautious about.
On the other hand, we doubt jailbreaking will end life as we know it, as Apple believes.
According to a forum post, the hacker broke into jailbroken iPhones on T-mobile Netherlands. Typically, SSH is turned on for jailbroken iPhones, allowing a user to log in via Terminal and run standard UNIX commands.
However, if you want to do that, you really need to change the default root password. As is the case with many routers, which can be broken into the same way if unprotected, iPhones all have a default root password that many forget to change after jailbreaking.
Using this knowledge, the hacker then sent what appears to be an SMS message to the hacked iPhones that read, "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files." If a user visits the website (since taken down), he is directed the user to send €5 to a PayPal account, after which the hacker will e-mail instructions to remove the hack. Or you could just restore your phone and jailbreak again.
Of course, he's just trying to be helpful, he says. "If you don't pay, it's fine by me. But remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."
There are two ways to secure your jailbroken iPhone. You can turn off SSH when you are not using it (SBSettings is a well-known app for jailbroken phones you can use for this), and / or you can change your root password. For that, you can use MobileTerminal (another well-known app).
At any rate, this is just another warning to jailbroken iPhone users. While jailbreaking opens up a wealth of applications you can't get otherwise, there are things you need to be cautious about.
