Many of us have jailbroken our iPhones, but did everyone remember to change the default root password? Those guilty of that oversight are vulnerable to the simple intrusion method this guy used to hold iPhones hostage in the Netherlands.
Apparently all that it took to terrify many Dutch iPhone users was a “trivial” port scanning technique and “a modicum of networking know-how.” After the hacker gained access to the jailbroken phones with unchanged root passwords and SSH enabled, he sent the pictured message which led to a demand for a €5 PayPal payment and words of caution:
If you don’t pay, it’s fine by me, but remember, the way I got access to your iPhone can be used by thousands of others-they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advice to secure your phone.
This particular gentleman was almost kind. He didn’t inflict any serious harm, only demanded a small optional payment, and limited his activity to the Netherlands. Whoever learns from his approach might not be as nice. The lesson, my darlings? Change your root passwords or disable SSH if you’ve got a jailbroken iPhone. I finally did. [Ars Technica]
