Dutch Hacker Hack’s Into Jailbroken iPhone’s

A Dutch hacker used a port scanning to identify jailbroken iPhones on T-Mobile Netherlands with SSH running.Jailbroken iPhone HackedJailbroken user’s commonly use SSH to run standard UNIX commands on their iPhone. However, due to the way it’s set up all iPhones have the same default root password that most people don’t change. This means if a user knows a iPhone is close running SSH they can access all of the files on the device.

The Dutch hacker used the unchanged root passwords to hack into the phones, he then sent a SMS alert to the phones that read, ” You iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files.” Once going to the website it directs the user to send €5 to a PayPal account, after which the hacker will e-mail instructions to remove the hack—which most likely involve restoring the iPhone to factory settings.

The hacker doesn’t appear to have malicious intent, other than to glean some extra cash. “If you don’t pay, it’s fine by me,” reads the page mentioned in the message to the hacked iPhone owners. “But remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advice to secure your phone.”

To stop this from happening to you read the article on How To: Change Your iPhone’s SSH Password.

5 Responses to Dutch Hacker Hack’s Into Jailbroken iPhone’s

  1. […] Your iPhone’s SSH Password As many have been prompted by the recent icident, including Dutch iPhones on T-Mobile, the SSH on the iPhone has a default password which most people do not change, leaving themselfs […]

  2. […] Over the past week there has been a lot of news over unsecured SSH on iPhone. First about the Dutch hacker who wasscanning the network for jailbroken users who had not changed their default SSH password. […]

  3. […] iPhone Security Issues Not Exclusive To Jailbroken Devices In the past few months there have been multiple worms released into the wild that affected inadequately protected jailbroken iPhones. However a Swiss iPhone developer has published research that indicates that there are also security vulnerabilities affected un-jailbroken devices too. This doesn’t come as much of a surprise to most as it was only a matter of time. The developer, Nicholas Seriot has created a proof of concept app called SpyPhone to demonstrate how Apple’s own APIs can be used to read and edit user’s address books, gain access to the user’s web surfing history or even recent location information. Although this is not as bad as what can be done with root permissions to the device, it can still effect users, especially when they think they are safe. For the attacks to work, the application with the malicious code would need to get through the App Store approval system, however this wouldn’t be very hard as pointed out by many developers, as Apple doesn’t check source code but does have a kill switch on every app. The code would be delayed, so that it only beings to work so many weeks after the app is released or it could be an encrypted payload. Nicholas Seriot detailed these possible iPhone privacy risks in a talk he delivered in Geneva, during which he also outlined possible defense strategies, suggesting that Apple should design the iPhone OS to require users to authorize read or read-write access by iPhone applications to potentially sensitive on-device information such as the Address Book, add firewall functionality to the device and ensure the keyboard cache is not as readily available to third-party applications. Developers Research Related: How To: Change Your iPhone’s SSH Password Dutch Hacker Hack’s Into Jailbroken iPhone’s […]

  4. Mardell Barsch says:

    Doing some browsing and noticed your blog looks a bit confusedin my K-meleon internet browser. I think I’m the only one still using it….

  5. BB says:

    Creepy dude!!! 😦

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: