News
Hacker targets jailbroken iPhones in extortion ploy
By Charles Starrett
Senior Editor, iLounge
Published: Tuesday, November 3, 2009
News Category: iPhone
A Dutch hacker has used an exploit commonly left open when jailbreaking an iPhone or iPod touch to try and extort €5 from a number of T-Mobile Netherlands users. Ars Technica reports that the hacker used port scanning to identify jailbroken iPhones on the network that had SSH running. As many users who had activated SSH had not changed the default root password, the hacker was able to hack into the devices and send an alert that appeared on the screen like an incoming SMS message. The false alert read, “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files. This message won’t disappear until your iPhone’s secure.”
A visit to the website mentioned in the alert prompts the user to send €5 to a PayPal account, after which time the hacker will send the user an email with instructions to remove the hack. Ars notes that the hacker doesn’t appear to have malicious intent, as he/she states on the page mentioned in the alert that,” If you don’t pay, it’s fine by me. But remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advice to secure your phone.” Apple has often mentioned security issues as a reason why it is opposed to users jailbreaking their devices.
Share This Article & Win an iTunes Gift Card. Comments
If you have a comment, news tip, advertising inquiry, or coverage request, a question about iPods or accessories, or if you sell or market iPod products or services, read iLounge's Comments + Questions policies before posting, and fully identify yourself if you do. We will delete comments containing advertising, astroturfing, trolling, personal attacks, offensive language, or other objectionable content, then ban and/or publicly identify violators.
Recent News
- Enter the CES Exhibits Plus Pass Giveaway today
- Wider distribution boosting iPhone sales in France
- Chinon rolls out AVi portable iPod speaker
- TomTom intros separate Car Kit for iPod touch
- iLounge and MusicSkins announce the Ultimate Design Contest
- Latest edition of iPodweek coming shortly
- Apple planning more iPod touch apps for retail?
- Gameloft, others cutting back on Android development
- Google launches Google News for iPhone, iPod touch
- Magellan releases RoadMate app, Car Kit coming
Recent Reviews
- Electronic Arts Command & Conquer Red Alert
- Bowers & Wilkins Zeppelin Mini
- iHome iHM79 Rechargeable Mini Speakers
- Elexa Consumer Products iBlink
- Bose SoundDock 10
- Shure SE115m+ Sound Isolating Headset
- Apple Remote (2009)
- Kensington Travel Battery Pack and Charger for iPhone
- Tapulous Metallica Revenge
- Electronic Arts NBA Live by EA Sports
Recent Articles
- The Complete Guide to Using the iTunes Store
- iPhone Gems: Brain Challenge 2, Impossible Quiz, Jeopardy, Trivia Wars + Wheel of Fortune
- The Complete Guide to Album Tagging, Art and Playlists in iTunes
- Ask iLounge 11-13-09
- The Complete Guide to iTunes Audiobooks, Podcasts + iTunes U
- Ask iLounge 11-6-09
- iPhone Gems: Asphalt 5 and Doom Classic
- Ask iLounge 10-30-09
- Instant Expert: Secrets & Features of Apple TV 3.0
- Ask iLounge 10-23-09
1
This is exactly the scenario I envisioned when the first jailbreaks took place. Just imagine a hacker getting hold of your iPhone and keeping a connection open to some 1-900 number in Thailand (or if you are in Thailand, the US) all night long for any number of nights. You would end up with an enormous bill and I doubt there is thing one you would be able to do to avoid paying the charges.
Posted by Just Me on November 3, 2009 at 11:05 AM (PDT)
2
that’s exactly what I thought gonna happen! I’m woundering what other information can be retrieved from a jail broken iPPhone, ... contacts, passwords to ATT accounts, SS if saved, cotnacts can be used to send txt msg advertisement out,... or other….!
that’s the risk some of you guys take. I had mine jail broken for 1-2 weeks and then removed it completly because I saw security
Posted by dennis on November 3, 2009 at 1:59 PM (PDT)
3
What about just turning of SSH? It’s not that hard to do and would mitigate the risk of JB your iPhone. Right?
Posted by ender on November 3, 2009 at 2:44 PM (PDT)
4
good choice but what about all the other functions that could be used to exploit user data? ... how do we know that if we install an apps on our hacked iphone and during the actual install other data will be send out to the developer who then could use this information to do wrong….
Posted by dennis on November 3, 2009 at 6:17 PM (PDT)
5
This are the consequences by jailbreaking your iPhone or iPod Touch…
Posted by Hansel Jr on November 3, 2009 at 11:16 PM (PDT)
6
Jailbreak, is one thing, but be soooo stupid so you don’t change default password well that is a real security concern.
Peoples just don’t understand this, use strong passwords, and use differents passwords depending the level of thrustness of the service you are registering with.
Just use your brain, and what if you portscan yourself to see if something is opened!!
I believe its not that hard….. a 10yo could figure
Posted by Math on November 4, 2009 at 9:02 AM (PDT)