Dutch Hacker Hijacks iPhones. Offers Owners Fix…for Cash.
Jailbreaking your iPhone can provide increased functionality and less restrictions but it also seems it can now also bring with it a massive security risk.
There are reports that an enterprising Dutch hacker has preyed on many handsets operated by T-Mobile Netherlands, issuing notices that alert the user that their iPhone is vulnerable unless they paid €5 for a fix.
It is thought that the vulnerability centres on a feature of the jailbreak itself, the enabling of a SSH (Secure Shell) service that has a default root password. The attacker was able to determine which jailbroken devices were viable by performing a port scan on the T-Mobile network, issuing the default password when prompted. Many Windows and Mac applications automate the jailbreaking process meaning many users don’t have the necessary technical skills to identify any vulnerabilities on their device and then deal with them once noted.
Compromised iPhone’s would read the following message:
Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files.
When the user visits the website, they are directed to a PayPal page with a prompt to pay the €5. Once the funds are sent, the hacker would then send the instructions to patch the vulnerability, requiring the user to download an SSH client for their desktop and issue a few remote commands.
There was one further development when affected users started looking to forums for advice. The hacker had a slight sense of remorse and posted instructions on how to patch the hole, identifying the fact that attacker was probably more of an opportunist rather than a malicious criminal.
Apple may see this incident as yet another reason that iPhone users should not take to jailbreaking their devices. Out of the box, the iPhone is equipped to deal with security vulnerabilities but when you jailbreak, security suddenly becomes your problem.
Matt is based near London, UK and is the founder of WillINeedIt.com, a tech blog streaking up the Google rankings at a rate of knots. He can be found conversing on Twitter, Friendfeed and on his personal blog.
Matt, I think you mean “…many users DON’T have the necessary technical skills..”
And yep: once your outside the safe prison walls, it’s not so clear who the crooks are
Thanks for the heads up, the article has now been amended.
The identity of the hacker has just been released!!!!
His name is Piet Heyn.
Piet is a well known pirate.
He was also involved in some Spanish gold ‘trade’ scheme.
Peace out
Lol, then he’s done quite well over all those years, considering the fact that he’s now only 17 years old
Is this a first in mobile hacking?
[...] Dutch Hacker Hijacks iPhones. Offers Owners Fix…for Cash. (thenextweb.com) [...]