Jailbroken iPhones All at Risk for Same Hack – Fortunately the Fix is Easy

The Internet Patrol default featured image
Share the knowledge

A Dutch hacker has demonstrated that jailbreaking your iPhone opens it up to a hack that allows your jailbroken iPhone to be easily accessed and remotely controlled. This doesn’t necessarily mean that you shouldn’t jailbreak your iPhone (or that you should, we pass no judgement on the act of jailbreaking an iPhone), but it does mean that if you are going to jailbreak your iPhone, you need to know how to close the security hole you will create (or already have created) by jailbreaking your iPhone.

The initial issue is that the act of jailbreaking an iPhone enables, among other things, SSH to be active on the iPhone. And the SSH service on the iPhone activates with a default username and password. If you don’t know to change the default password, then anybody who knows that default username and password combination can log on to your iPhone and wreak all kind of havoc – including accessing your contacts, and sending text messages to them in your name. (By the way, that default username is “root” and the default password is “alpine”.)

The hacker used the SSH default password to log on to jailbroken iPhones and install his own software on the compromised phones. Initially, he then sent the following message to the owners of those phones – *from their own phone* – letting them know that he’d breached their phone, and demanding a payment to remove the software:

“Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files.”

When they visited that link, there was a demand for €5.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

The hacker added that “If you don’t pay, it’s fine by me, but remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advice to secure your phone.”

However, the hacker has since stopped demanding money, and is instead offering, for free, information on how to both remove the software, and how to secure the iPhone (change the SSH password).

You can find that information [Page no longer available – we have linked to the archive.org version instead].

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.