A Dutch hacker has used an exploit commonly left open when jailbreaking an iPhone or iPod touch to try and extort €5 from a number of T-Mobile Netherlands users. Ars Technica reports that the hacker used port scanning to identify jailbroken iPhones on the network that had SSH running.
As many users who had activated SSH had not changed the default root password, the hacker was able to hack into the devices and send an alert that appeared on the screen like an incoming SMS message. The false alert read, “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files.
This message won’t disappear until your iPhone’s secure.”
A visit to the website mentioned in the alert prompts the user to send €5 to a PayPal account, after which time the hacker will send the user an email with instructions to remove the hack. Ars notes that the hacker doesn’t appear to have malicious intent, as he/she states on the page mentioned in the alert that,” If you don’t pay, it’s fine by me.