Dutch Hacker Held Jailbroken iPhones Hostage Via Security Vulnerability
We've warned you previously about some of the security vulnerabilities that come with jailbreaking your iPhone. Turns out a Dutch hacker has gone and made a point to a countless number of jailbroken devices by using a port scanning technique along with some networking smarts. Then after he gained access to the jailbroken iPhones the rest was easy. All of the devices that were hacked had unchanged root passwords along with SSH enabled. You'd know if you were hacked if the following message popped up on your screen:
<
blockquote>If you don't pay, it's fine by me, but remember, the way I got access to your iPhone can be used by thousands of others-they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone.
Like promised, no harm was done or will be done. It turns out the hacker just wanted to teach people a simple lesson - change your root passwords and disable SSH. He's even been nice enough to post directions on how to make sure your jailbroken iPhone is not at risk.
There are 16 comments. Add yours.
I understand this was just his way of trying to inform jailbreakers of the importance of securing their phone...
Yet, this somehow makes me think that it will be fuel for the fire, causing Apple to find more ways to block jailbreaking on the iPhone.
This guy deserves the Nobel Peace price more than Obama :-)
This should raise a red-flag now. I'm sure Apple has people reading this website. They will probably work harder to block jailbreaking. Go Apple go!
when you jailbreak, autossh is not automatically installed...you have to do it, and after there is a sbsettins toggle to turn it off when not needed
what a nice guy, props to him
I make sure to keep my WIFI off and SSH off after jailbreaking , just to make sure .
Thanks guys, muahahaha =P
Since tIPB likes comic books, the lesson here is that Jailbreakers just need to listen to ol' Uncle Ben:
"With great power comes great responsibility"
Hack deez nuts.
I always have SSH off.
@AntonioJ:
Well said.
Anyone who does not know enough to change the root password should not be installing SSH, and (arguably) not jail breaking either.
I use an App called Net Scan (in the app store) for some of the network consulting I do, and you would be amazed how many times I walk into a building and find open ssh ports on iPhones.
I remarked about this to one of the on-site "techies" at one local company, and show him. It was HIS phone! I then used iSSH and opened a connection on his phone with the default password. The amazing bit was that he was supposedly the company tech guy.
this guy isn't as nice as you're making him out to be. The "if you don't pay.." part was him asking for money in exchange for him securing their phone.
@Jbrandonf:
He was offering a service for a price. What's wrong with that?
Unless he changed the root password himself, or in some other way damaged the phone or its files, this is nothing more than knocking on a door and offering to mow the lawn because it obviously needs it.
The story is sufficiently vague that you can not figure out if any real threat was made or any real damage done.
This is one reason of MANY that I choose not to jailbreak.
@Chobbs1
Congratulations. Do you want a medal?
Interesting blog. I'm curious what your thoughts are on Obama and the democratic party?