Dutch Hacker Held Jailbroken iPhones Hostage Via Security Vulnerability


We've warned you previously about some of the security vulnerabilities that come with jailbreaking your iPhone. Now a Dutch hacker has made that point on a countless number of jailbroken devices, using a port scanning technique along with some networking smarts. Once he had gained access to the jailbroken iPhones, the rest was easy. All of the devices that were hacked had unchanged root passwords along with SSH enabled. You'd know you had been hacked if the following message popped up on your screen:


If you don't pay, it's fine by me, but remember, the way I got access to your iPhone can be used by thousands of others - they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone.

As promised, no harm was done or will be done. It turns out the hacker just wanted to teach people a simple lesson - change your root passwords and disable SSH. He's even been nice enough to post directions on how to make sure your jailbroken iPhone is not at risk.

[via Gizmodo]



There are 16 comments.

iDavey says:

I understand this was just his way of trying to inform jailbreakers of the importance of securing their phone...
Yet, this somehow makes me think that it will be fuel for the fire, causing Apple to find more ways to block jailbreaking on the iPhone.

Blah says:

This guy deserves the Nobel Peace Prize more than Obama :-)

Rags says:

This should raise a red-flag now. I'm sure Apple has people reading this website. They will probably work harder to block jailbreaking. Go Apple go!

antonioj says:

When you jailbreak, autossh is not automatically installed... you have to do it, and after that there is an SBSettings toggle to turn it off when not needed.

john says:

what a nice guy, props to him

Frank says:

I make sure to keep my WIFI off and SSH off after jailbreaking, just to make sure.

iDutch says:

Thanks guys, muahahaha =P

fassy says:

Since tIPB likes comic books, the lesson here is that Jailbreakers just need to listen to ol' Uncle Ben:
"With great power comes great responsibility"

duvi says:

I always have SSH off.

icebike says:

Well said.
Anyone who does not know enough to change the root password should not be installing SSH, and (arguably) not jail breaking either.
I use an App called Net Scan (in the app store) for some of the network consulting I do, and you would be amazed how many times I walk into a building and find open ssh ports on iPhones.
I remarked about this to one of the on-site "techies" at one local company, and showed him. It was HIS phone! I then used iSSH and opened a connection on his phone with the default password. The amazing bit was that he was supposedly the company tech guy.

jbrandonf says:

This guy isn't as nice as you're making him out to be. The "if you don't pay.." part was him asking for money in exchange for him securing their phone.

icebike says:

He was offering a service for a price. What's wrong with that?
Unless he changed the root password himself, or in some other way damaged the phone or its files, this is nothing more than knocking on a door and offering to mow the lawn because it obviously needs it.
The story is sufficiently vague that you cannot figure out if any real threat was made or any real damage done.

Chobbs1 says:

This is one reason of MANY that I choose not to jailbreak.

aaronius says:

Congratulations. Do you want a medal?

