Hacker targets jailbroken iPhones in extortion ploy | iLounge News


Hacker targets jailbroken iPhones in extortion ploy


A Dutch hacker has used an exploit commonly left open when jailbreaking an iPhone or iPod touch to try and extort €5 from a number of T-Mobile Netherlands users. Ars Technica reports that the hacker used port scanning to identify jailbroken iPhones on the network that had SSH running. As many users who had activated SSH had not changed the default root password, the hacker was able to hack into the devices and send an alert that appeared on the screen like an incoming SMS message. The false alert read, “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files. This message won’t disappear until your iPhone’s secure.”

A visit to the website mentioned in the alert prompts the user to send €5 to a PayPal account, after which time the hacker will send the user an email with instructions to remove the hack. Ars notes that the hacker doesn’t appear to have malicious intent, as he/she states on the page mentioned in the alert that,” If you don’t pay, it’s fine by me. But remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advice to secure your phone.” Apple has often mentioned security issues as a reason why it is opposed to users jailbreaking their devices.

Related Stories



This is exactly the scenario I envisioned when the first jailbreaks took place. Just imagine a hacker getting hold of your iPhone and keeping a connection open to some 1-900 number in Thailand (or if you are in Thailand, the US) all night long for any number of nights. You would end up with an enormous bill and I doubt there is thing one you would be able to do to avoid paying the charges.

Posted by Just Me on November 3, 2009 at 1:05 PM (CST)


that’s exactly what I thought gonna happen! I’m woundering what other information can be retrieved from a jail broken iPPhone, ... contacts, passwords to ATT accounts, SS if saved, cotnacts can be used to send txt msg advertisement out,... or other….!

that’s the risk some of you guys take. I had mine jail broken for 1-2 weeks and then removed it completly because I saw security

Posted by dennis on November 3, 2009 at 3:59 PM (CST)


What about just turning of SSH? It’s not that hard to do and would mitigate the risk of JB your iPhone. Right?

Posted by ender on November 3, 2009 at 4:44 PM (CST)


good choice but what about all the other functions that could be used to exploit user data? ... how do we know that if we install an apps on our hacked iphone and during the actual install other data will be send out to the developer who then could use this information to do wrong….

Posted by dennis on November 3, 2009 at 8:17 PM (CST)


This are the consequences by jailbreaking your iPhone or iPod Touch…

Posted by Hansel Jr on November 4, 2009 at 1:16 AM (CST)


Jailbreak, is one thing, but be soooo stupid so you don’t change default password well that is a real security concern.

Peoples just don’t understand this, use strong passwords, and use differents passwords depending the level of thrustness of the service you are registering with.

Just use your brain, and what if you portscan yourself to see if something is opened!!

I believe its not that hard….. a 10yo could figure

Posted by Math on November 4, 2009 at 11:02 AM (CST)

Subscribe to iLounge Weekly

Sign up for the iLounge Weekly Newsletter

iLounge is an independent resource for all things iPod, iPhone, iPad, and beyond.
iPod, iPhone, iPad, iTunes, Apple TV, Mac, and the Apple logo are trademarks of Apple Inc.
iLounge is © 2001 - 2018 iLounge, Inc. All Rights Reserved. Terms of Use | Privacy Policy