News
Hacker targets jailbroken iPhones in extortion ploy
By Charles Starrett
Contributing Editor
Published: Tuesday, November 3, 2009
News Categories: iPhone
A Dutch hacker has used an exploit commonly left open when jailbreaking an iPhone or iPod touch to try and extort €5 from a number of T-Mobile Netherlands users. Ars Technica reports that the hacker used port scanning to identify jailbroken iPhones on the network that had SSH running. As many users who had activated SSH had not changed the default root password, the hacker was able to hack into the devices and send an alert that appeared on the screen like an incoming SMS message. The false alert read, “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files. This message won’t disappear until your iPhone’s secure.”
A visit to the website mentioned in the alert prompts the user to send €5 to a PayPal account, after which time the hacker will send the user an email with instructions to remove the hack. Ars notes that the hacker doesn’t appear to have malicious intent, as he/she states on the page mentioned in the alert that,” If you don’t pay, it’s fine by me. But remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advice to secure your phone.” Apple has often mentioned security issues as a reason why it is opposed to users jailbreaking their devices.
Related Stories
- Apps: Can Knockdown 3, eBay 3.0/2.3, Jungle Book + Sonic the Hedgehog 2.0
- Apple patent filing uses multiple devices to light a scene
- Google: iOS Hangouts, new Maps, Music All Access + More
- In-flight e-device guidelines still up in the air
- Apple sued over iPhone 4 power button failures
- Watch ABC app streams live TV programming
Comments
If you have a comment, news tip, advertising inquiry, or coverage request, a question about iPods/iPhones/iPad or accessories, or if you sell or market iPod/iPhone/iPad products or services, read iLounge's Comments + Questions policies before posting, and fully identify yourself if you do. We will delete comments containing advertising, astroturfing, trolling, personal attacks, offensive language, or other objectionable content, then ban and/or publicly identify violators.
Recent News
- iLounge Weekly arriving Monday, giveaway reminder
- Report: BBM iOS app won’t support iPad at launch
- Report: iRadio might miss WWDC debut
- Fair Labor Assoc.: Foxconn, Apple still exceed work hours
- CW to bring content to Apple TV
- Moshi debuts aluminum USB Cable with Lightning Connector
- Cook talks Apple’s taxes ahead of Senate testimony
- iLuv intros Aud 5 Lightning speaker dock for iPhone 5
- Apps: Can Knockdown 3, eBay 3.0/2.3, Jungle Book + Sonic the Hedgehog 2.0
- Apple releases iTunes 11.0.3 with new Mini Player
Recent Reviews
- BlueFlame 2M Charge and Sync Cable with Lightning Connector
- HMDX Jam Party Bluetooth Wireless Stereo Speaker
- Logitech Harmony Ultimate Universal Remote Control
- MyCharge Freedom 2000 Battery Case for iPhone 5
- Nike Nike+ FuelBand
- OCDesk OCDock for iPhone 5
- Bluelounge MiniDock (With Lightning Connector)
- Mophie Juice Pack Powerstation Pro
- PhoneSuit Flex Pocket Charger
- Olloclip Quick-Flip Case + Pro-Photo Adapter for iPhone 5
Recent Articles
- Remove old iCloud backup after restoring to a new iPhone
- Setting up a ringtone in iTunes
- Using a Wi-Fi hard drive with an iPad
- Backing up and restoring an iPod classic
- Can’t restore iPod touch without passcode
- Retaining older versions of Apps during an iOS Restore
- Can’t eject iPod nano without closing Firefox
- Can’t change iTunes Apple ID to iCloud e-mail address
- Effect of erasing an iPhone on the Find My iPhone feature
- Organizing video collections on an iPad
1
This is exactly the scenario I envisioned when the first jailbreaks took place. Just imagine a hacker getting hold of your iPhone and keeping a connection open to some 1-900 number in Thailand (or if you are in Thailand, the US) all night long for any number of nights. You would end up with an enormous bill and I doubt there is thing one you would be able to do to avoid paying the charges.
Posted by Just Me on November 3, 2009 at 10:05 AM (PST)
2
that’s exactly what I thought gonna happen! I’m woundering what other information can be retrieved from a jail broken iPPhone, ... contacts, passwords to ATT accounts, SS if saved, cotnacts can be used to send txt msg advertisement out,... or other….!
that’s the risk some of you guys take. I had mine jail broken for 1-2 weeks and then removed it completly because I saw security
Posted by dennis on November 3, 2009 at 12:59 PM (PST)
3
What about just turning of SSH? It’s not that hard to do and would mitigate the risk of JB your iPhone. Right?
Posted by ender on November 3, 2009 at 1:44 PM (PST)
4
good choice but what about all the other functions that could be used to exploit user data? ... how do we know that if we install an apps on our hacked iphone and during the actual install other data will be send out to the developer who then could use this information to do wrong….
Posted by dennis on November 3, 2009 at 5:17 PM (PST)
5
This are the consequences by jailbreaking your iPhone or iPod Touch…
Posted by Hansel Jr on November 3, 2009 at 10:16 PM (PST)
6
Jailbreak, is one thing, but be soooo stupid so you don’t change default password well that is a real security concern.
Peoples just don’t understand this, use strong passwords, and use differents passwords depending the level of thrustness of the service you are registering with.
Just use your brain, and what if you portscan yourself to see if something is opened!!
I believe its not that hard….. a 10yo could figure
Posted by Math on November 4, 2009 at 8:02 AM (PST)