A Dutch hacker has demonstrated that jailbreaking your iPhone opens it up to a hack that allows your jailbroken iPhone to be easily accessed and remotely controlled. This doesn’t necessarily mean that you shouldn’t jailbreak your iPhone (or that you should, we pass no judgement on the act of jailbreaking an iPhone), but it does mean that if you are going to jailbreak your iPhone, you need to know how to close the security hole you will create (or already have created) by jailbreaking your iPhone.
The initial issue is that the act of jailbreaking an iPhone enables, among other things, SSH to be active on the iPhone. And the SSH service on the iPhone activates with a default username and password. If you don’t know to change the default password, then anybody who knows that default username and password combination can log on to your iPhone and wreak all kind of havoc – including accessing your contacts, and sending text messages to them in your name. (By the way, that default username is “root” and the default password is “alpine”.)
The hacker used the SSH default password to log on to jailbroken iPhones and install his own software on the compromised phones. Initially, he then sent the following message to the owners of those phones – *from their own phone* – letting them know that he’d breached their phone, and demanding a payment to remove the software:
|Get notified of new Internet Patrol articles for free!
|Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!
Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
“Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files.”
When they visited that link, there was a demand for €5.
The hacker added that “If you don’t pay, it’s fine by me, but remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advice to secure your phone.”
However, the hacker has since stopped demanding money, and is instead offering, for free, information on how to both remove the software, and how to secure the iPhone (change the SSH password).
You can find that information [Page no longer available – we have linked to the archive.org version instead].
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!
|Get notified of new Internet Patrol articles!