A Dutch hacker has used an exploit commonly left open when jailbreaking an iPhone or iPod touch to try and extort €5 from a number of T-Mobile Netherlands users. Ars Technica reports that the hacker used port scanning to identify jailbroken iPhones on the network that had SSH running. As many users who had activated SSH had not changed the default root password, the hacker was able to hack into the devices and send an alert that appeared on the screen like an incoming SMS message. The false alert read, “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files. This message won’t disappear until your iPhone’s secure.”
A visit to the website mentioned in the alert prompts the user to send €5 to a PayPal account, after which time the hacker will send the user an email with instructions to remove the hack. Ars notes that the hacker doesn’t appear to have malicious intent, as he/she states on the page mentioned in the alert that,” If you don’t pay, it’s fine by me. But remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advice to secure your phone.” Apple has often mentioned security issues as a reason why it is opposed to users jailbreaking their devices.