Hacker breaks into jailbroken iPhones, asks for $7

A hacker asks victims to pay $7 to get instructions for fixing a security hole in their jailbroken iPhones.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
2 min read
This is a screenshot of the SMS the hacked iPhone users received. Tweakers.net

A hacker in the Netherlands broke into some jailbroken iPhones and sent text messages to the owners asking them to pay to find out how to secure their phones, according to postings in a Dutch forum called Tweakers.net.

One of the victims posted a screenshot from his iPhone of the SMS received. It said: "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files."

The URL provided now displays a message indicating that it was reported for spam or phishing abuse and has been deactivated.

Ars Technica reports that before the page was removed, it asked that victims send 5 euros ($7.36) to a PayPal account and then await an e-mail with instructions on how to secure the phone. The fix probably would involve restoring the factory settings, according to the Ars Technica post.

"If you don't pay, it's fine by me," the hacker's page said. "But remember, the way I got access to your iPhone can be used by thousands of others--they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."

Apparently, the hacker used port scanning to identify phones on the T-Mobile network in the Netherlands running SSH (Secure Shell network protocol), which is commonly used by jailbroken iPhones and allows a user to "log in via Terminal and run standard UNIX commands," according to Ars Technica.

iPhone users who don't change the default root password after jailbreaking the device leave the phones vulnerable to attack, the site said.

For the most part, users jailbreak iPhones and iPods so they can run unauthorized applications on them. Doing so violates the terms of service, however, and means they aren't able to get support on the devices thereafter.

This is the first time this type of port scanning has been used in the wild, according to Ars Technica.

"The technique is fairly trivial and could be done by anyone with even a modicum of networking know-how," the blog post warns.

Users of jailbroken iPhones can remove the SSH daemon when not in use to prevent against this type of attack, the post adds.

"This incident highlights the fact that jailbreaking removes the security mechanisms that Apple has in place for the iPhone OS," the post concludes.

Updated 2:30 p.m. PST the hacker has allegedly posted a fix for the hack online and apologized, according to an update on Ars Technica.