Hacker breaks into jailbroken iPhones and asks for money

Tuesday, November 3, 2009, 15:29
iphone Apps
187 views
1 comment

A hacker in The Netherlands broke into some jailbroken iPhones and sent text messages to the owners asking them to pay to find out how to secure their phones, according to postings in a Dutch forum called Tweakers.net.

This is a screen shot of the SMS the hacked iPhone users received.

(Credit:

Tweakers.net)

One of the victims posted a screenshot from his iPhone of the SMS received. It said: Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files.”

The URL provided now displays a message indicating that it was reported for spam or phishing abuse and has been deactivated.

Ars Technica reports that before the page was removed it asked that victims send 5 euros ($7.36) to a PayPal account and then await an e-mail with instructions on how to secure the phone. The fix probably would involve restoring the factory settings, according to the Ars Technica post.

“If you don’t pay, it’s fine by me,” the hacker’s page said. “But remember, the way I got access to your iPhone can be used by thousands of others–they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advice to secure your phone.”

Apparently, the hacker used port scanning to identify phones on the T-Mobile network in The Netherlands running SSH (Secure Shell network protocol), which is commonly used by jailbroken iPhones and allows a user to “log in via Terminal and run standard UNIX commands,” according to Ars Technica.

IPhone users who don’t change the default root password after jailbreaking the device leave the phones vulnerable to attack, the site said.

This is the first time this type of port scanning has been used in the wild, according to Ars Technica.

“The technique is fairly trivial and could be done by anyone with even a modicum of networking know-how,” the blog post warns.

Users of jailbroken iPhones can remove the SSH daemon when not in use to prevent against this type of attack, the post adds.

“This incident highlights the fact that jailbreaking removes the security mechanisms that Apple has in place for the iPhone OS,” the post concludes.

Originally posted at InSecurity Complex

See more here:
Hacker breaks into jailbroken iPhones and asks for money

Share
Delicious Digg Design Float Mixx Reddit StumbleUpon Technorati

Tags: advice, before-the-page, iphone, netherlands, phones, really-insecure, remove-the-ssh, secure-shell, SMS, some-jailbroken

About the Author

bryan has written 119 stories on this site.

One Comment on “Hacker breaks into jailbroken iPhones and asks for money”

admin0 wrote on 3 November, 2009, 16:02
looks like steve jobs is taking a move from the cia… what better way to make jailborken phones seem unsafe? have hackers ask for money!