November 3, 2009 12:29 PM PST

Hacker breaks into jailbroken iPhones, asks for $7

by Elinor Mills

This is a screenshot of the SMS the hacked iPhone users received.

(Credit: Tweakers.net)

A hacker in the Netherlands broke into some jailbroken iPhones and sent text messages to the owners asking them to pay to find out how to secure their phones, according to postings in a Dutch forum called Tweakers.net.

One of the victims posted a screenshot from his iPhone of the SMS received. It said: "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files."

The URL provided now displays a message indicating that it was reported for spam or phishing abuse and has been deactivated.

Ars Technica reports that before the page was removed, it asked that victims send 5 euros ($7.36) to a PayPal account and then await an e-mail with instructions on how to secure the phone. The fix probably would involve restoring the factory settings, according to the Ars Technica post.

"If you don't pay, it's fine by me," the hacker's page said. "But remember, the way I got access to your iPhone can be used by thousands of others--they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."

Apparently, the hacker used port scanning to identify phones on the T-Mobile network in the Netherlands running SSH (Secure Shell network protocol), which is commonly used by jailbroken iPhones and allows a user to "log in via Terminal and run standard UNIX commands," according to Ars Technica.

iPhone users who don't change the default root password after jailbreaking the device leave the phones vulnerable to attack, the site said.

For the most part, users jailbreak iPhones and iPods so they can run unauthorized applications on them. Doing so violates the terms of service, however, and means they aren't able to get support on the devices thereafter.

This is the first time this type of port scanning has been used in the wild, according to Ars Technica.

"The technique is fairly trivial and could be done by anyone with even a modicum of networking know-how," the blog post warns.

Users of jailbroken iPhones can remove the SSH daemon when not in use to protect against this type of attack, the post adds.

"This incident highlights the fact that jailbreaking removes the security mechanisms that Apple has in place for the iPhone OS," the post concludes.

Updated 2:30 p.m. PST: The hacker has allegedly posted a fix for the hack online and apologized, according to an update on Ars Technica.
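The exposure described above, an SSH daemon that accepts password logins for root, can be checked from the owner's side by reading the daemon's configuration. The script below is an added example, not from the article or the Ars Technica post; the function names and sample configs are constructed, and it assumes an OpenSSH-style `sshd_config`.

```shell
#!/bin/sh
# Added example (not from the article): report whether an sshd_config still
# permits password logins as root, the exposure the article describes.

# effective_value KEYWORD FILE
# Prints the value sshd would use: the first occurrence of a keyword wins and
# keywords are case-insensitive. Parsing stops at the first Match block,
# because settings below it apply only conditionally.
effective_value() {
    awk -v key="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blanks
        { sub(/[ \t]*=[ \t]*/, " ") }              # accept "Keyword=value"
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# audit_root_ssh FILE
# Prints EXPOSED when root can authenticate with a password, else HARDENED.
# Assumption: an unset directive is treated as "yes", the permissive default
# of older OpenSSH releases. Keyboard-interactive/PAM is not examined here.
audit_root_ssh() {
    root=$(effective_value PermitRootLogin "$1")
    pass=$(effective_value PasswordAuthentication "$1")
    [ -n "$root" ] || root=yes
    [ -n "$pass" ] || pass=yes
    if [ "$root" = yes ] && [ "$pass" = yes ]; then
        echo EXPOSED
    else
        echo HARDENED
    fi
}

# Constructed sample configs, written to a temporary directory.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# stock install' 'Port 22' '#PermitRootLogin no' > "$dir/stock"
    printf '%s\n' 'PermitRootLogin no' 'PermitRootLogin yes' > "$dir/no_root"
    printf '%s\n' 'PasswordAuthentication no' 'PubkeyAuthentication yes' > "$dir/keys_only"
    for f in stock no_root keys_only; do
        printf '%s: %s\n' "$f" "$(audit_root_ssh "$dir/$f")"
    done
    rm -rf "$dir"
}
demo
```

A HARDENED result covers only the configuration file; the root password itself should still be changed from the default.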

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
by Pete Bardo November 3, 2009 1:00 PM PST
Tonight there's going to be a jailbreak, somewhere in your town!
by therobot November 3, 2009 1:14 PM PST
ahhh some classic Thin Lizzy!!
by Random_Walk November 3, 2009 1:48 PM PST
You takes the risks, you takes the consequences.
by tehsilverdollar November 3, 2009 1:02 PM PST
When you jailbreak an iPhone it does not open up this security hole. Once you have jailbroken the phone, installing an SSH server through Cydia or other means opens it up to hacks like this. The "security mechanisms that Apple has in place for the iPhone OS" is hilarious since a simple dictionary cracker broke the password (which is alpine). Don't be stupid when you jailbreak your phone and this won't happen.
by ikramerica--2008 November 3, 2009 1:13 PM PST
Exactly. If you are going to hack any device, you should know what you are doing!
by Random_Walk November 3, 2009 1:52 PM PST
"a simple dictionary cracker broke the password (which is alpine)"

...is that the default root p/w on a jailbroken phone then, or ...?

Gad - no wonder it was so easily broken (didn't even have to get past the "a" section of the dictionary...)
by Perry_Clease November 3, 2009 2:12 PM PST
"...is that the default root p/w on a jailbroken phone then, or ...?"

According to other reports that I read yesterday "alpine" is the default password. See http://arstechnica.com/apple/news/2009/11/dutch-hacker-holds-jailbroken-iphones-hostage-for-5.ars
by ikramerica--2008 November 3, 2009 3:12 PM PST
You are not intended to enable SSH, so Apple simply includes a default password as a placeholder. Anyone who enables SSH should also change their freaking password. ;)
by Vegaman_Dan November 3, 2009 6:14 PM PST
@Random_Walk:

Yes, "alpine" is the default root account password in the iPhone OS.

Unfortunately since every app is run as root, this leaves the device rather easily exploitable.
by NickLancer November 3, 2009 6:57 PM PST
I attended 4 years at a tech school while I was in high school. One of the things we learned about was Unix. All I can say is that I could have done this when I was 16. 2 years later I'm a bit rusty using Unix but I could still probably do it. It actually came across my mind when I first installed ssh software on my iPhone so I could put over 1000 NES games on it. After all the password is the same unless you change it. I thought hey I could get movies off of people's iPods and phones at school. I never had intentions beyond this. The thing was that I did not want to get in trouble over something so dumb and I sure as hell would not mess with it through AT&T. Anyhow... People should not get into command lines and start doing anything too drastic unless you know what you are doing. Jailbreaking is fine. Just don't start going into the more advanced stuff unless you know what you are messing with.
by Random_Walk November 3, 2009 8:57 PM PST
"Yes, "alpine" is the default root account password in the iPhone OS. "

...before or after jailbreaking?
by dhavleak November 3, 2009 11:34 PM PST
Before.

@ ikramerica--2008 -- there should be more options than just running everything as root. Changing the password is one thing -- what if there's an exploitable weakness (in the telnet daemon or in any other service running on the phone)? Everything shouldn't be running as root -- otherwise executing remote code is the only challenge to pwning the device -- there is no privilege escalation or anything else required (i.e. no layers of security). That does not mean there are tons of holes to exploit. It merely means that if there are any, they'll be really deadly when they are exploited.
by mbenedict November 4, 2009 2:38 AM PST
@dhavleak:

By definition, on a jailbroken iPhone there is at least one exploitable hole -- i.e., the hole exploited to jailbreak the phone to begin with.
by dhavleak November 4, 2009 10:32 AM PST
@ mbenedict

Excellent point sir!
by lvcsslacker November 3, 2009 1:51 PM PST
An entrepreneur. Well met!
by HlLLARY CLITON November 3, 2009 1:52 PM PST
I'm still waiting for my $7.36
by SeizeCTRL November 3, 2009 3:33 PM PST
It's waiting for you when you finally achieve peace in the middle east.
by bctexas November 3, 2009 2:55 PM PST
I'll gladly take the risk if the reward is keeping my iPhone jailbroken.
by Michichael November 3, 2009 3:18 PM PST
Amazing how secure Apple OS's are when they even begin to approach customizability (jailbreaking). This is an example of the difference between Apple security and Microsoft security. Apple makes things secure by restricting your ability to do things to it. Microsoft makes it secure then says go to town. The only difference is when somebody finds a way to break that security for Microsoft, they fix it - Apple says you violated your warranty. :)

/reference tricycle vs motorcycle argument
by stickfu November 3, 2009 3:31 PM PST
Microsoft secure?
When this happen?
Oh ya, you must mean this...
http://www.itpro.co.uk/blogs/daveyw/2009/11/03/80-percent-of-viruses-love-windows-7/
by rationalreview November 3, 2009 4:19 PM PST
It should be 95% love windows, because that's the target they have on their backs. And yes, Michichael, I totally agree.
by npkgardens November 3, 2009 5:27 PM PST
Yup. Not that I love MS at all (they totally suck in so many ways...), but Apple are actually babes in the woods when it comes to dealing with hacks and attacks. Their "play by our rules or stay off the court" philosophy can only get them so far, like into a comfy niche supplying overpriced gadgets to well-off geeks, but the rest of the world does not play by their rules, and most of the rest of the world is far too hungry to be able to afford to belong to the Apple club..
by george_liquor November 3, 2009 5:32 PM PST
Let's compare apples to apples here, genius. Go jailbreak a Zune HD and then see if M$ says 'go to town.'
by ifeatu November 3, 2009 5:55 PM PST
That still wouldn't be comparing apples to apples. This is a networking vulnerability not a software hole...none of you seem to have the slightest bit of literacy in the field of networking. SSH is a very secure tool if used properly and is available for all platforms. The only vulnerability is the ignorant users installing ssh server and not changing the default password which is about the dumbest thing you can do as a systems administrator regardless of the platform.
by stickfu November 3, 2009 6:12 PM PST
@ifeatu
+1
The alpine password has been known for almost 2 years; long ago it was recommended that jailbreakers should change it.
by Vegaman_Dan November 3, 2009 6:18 PM PST
*ahem*

HELLLLLLOOOOOO?

My iPhone has an Apple logo on it. It's already perfect and invulnerable.
by shycelticwitch November 3, 2009 7:43 PM PST
I shall record the above comment for later use (i.e. when I am accused of being a troll, or being disrespectful to the folks who chose to use Windows). Thanks Dan.
by Yelonde November 3, 2009 9:25 PM PST
Same could be said about Windows Mobile, or Android. They both consist of a limiting marketplace. Apparently, it's working because both Microsoft and Google are adopting the concept of a built-in store. Personally, I would rather have a secure, and locked down phone than an open, and vulnerable one. You do not seem to understand that both Google and Microsoft have realized this.

Since you are so dedicated to opening up your phone's OS, have fun hacking your winmo or Android phone, and let's see how useful/secure it really is.
by ckh1272 November 4, 2009 1:30 AM PST
@Michichael -- Jailbroken and the warranty is no good??!! Microsoft pulled the same mess with the original Xbox and is still doing that with the 360. Hack your 360 and call Microsoft when it breaks and see what they say. Same thing happened with Sony and the PS2. Your statement is flat out BS, thinking that this only applies to Apple (as far as warranty restrictions go).

Reference BS vs. truth argument.
by TheHBK23 November 3, 2009 3:45 PM PST
Screw hackers.
by koolerz1569 November 3, 2009 4:19 PM PST
No, screw you, you don't know what hackers have done in the past that made this iPhone possible. Steve Wozniak is the co-founder of Apple, and he's a hacker... if they didn't found Apple... then...who knows...
by vorcia November 3, 2009 4:06 PM PST
This is one of the reasons you shouldn't jailbreak your iPhone. Support Apple and buy their products.
by JoeF2 November 3, 2009 4:16 PM PST
LOL.
This rather seems to be the reason for clueless trolls and fanboys to come out of their holes.
Apple should fix their insecure stuff. They are apparently nearly as bad as MS.
by george_liquor November 3, 2009 5:41 PM PST
Didn't read the article too carefully, did you? This hack only affected jailbroken iPhones running 3rd party SSH servers. Free tip: disallow root login through ssh and use a strong password. If you don't you deserve to get hacked.
by bctexas November 3, 2009 6:15 PM PST
I won't blindly support anyone, and this IS what you are suggesting. I guess you blindly support the dems with healthcare also. The gov is so good at everything else they do, so hey, why not! (sarcasm)
by Vegaman_Dan November 3, 2009 6:29 PM PST
This is also why we should all wear the same clothes, go to only the approved schools, study what you are told to study, and let others do the thinking for you.

When you buy a new car, make sure it's grey with no options. NEVER change the radio station or adjust the seat and/or mirrors. Do not consider paint, engine improvements or any sort of customization.

Be a sheep. That's the safest thing to do. Don't be an individual. Think only what you are told to think. Personal liberty is to be looked upon as treason to the state.

.......

Or... just let people do what they want with things they bought. If Apple wants to insist on controlling what you can or cannot do with the device, then they shouldn't sell it in the first place, but rent or lease it instead.
by November 3, 2009 4:11 PM PST
Those hackers are *******.
by carbine68 November 3, 2009 4:34 PM PST
Good for them, keep exploiting dumb people.
by strongpimphand November 3, 2009 4:50 PM PST
I hate that this hacker posted instructions on how to fix it. YOU JAILBREAK YOUR PHONE = YOU'RE BREAKING YOUR TOS. YOU DESERVE THIS TO HAPPEN TO YOU!!!

People don't just jailbreak their phones to get on other GSM carriers...they do it so they can steal APPS. Yep, those 100K Apps Apple fans brag about get stolen with ease with jailbroken phones.

Boo to this hacker for posting instructions on how to fix his simple hack!
by bctexas November 3, 2009 6:17 PM PST
Stealing,....you say tomato, I say borrowing.
by Vegaman_Dan November 3, 2009 6:33 PM PST
"steal APPS"

How do you figure that? The apps are only there if the developers offer them.

Freedom isn't just a word.
by gylgamesh5 November 3, 2009 11:01 PM PST
I'm a paying AT&T customer with fully bought and paid for apps. I jailbreak my phone for two reasons: I want a quick way to turn Bluetooth and WiFi on and off, and I want to customize the alerts for new SMS and mail messages. People who JB their phones may indeed be breaking their TOS, but that doesn't mean they're necessarily breaking any laws. And no one has yet to test the legality of TOS that prohibit such alterations of items by its owner.

Boo on yourself.
by rdupuy11 November 4, 2009 6:51 AM PST
That argument simply isn't supported by facts. Some people steal Apps, but the vast majority of jailbreak phones, in the United States, are simply to use the device on T-mobile, instead of AT&T

T-mobile prepaid = $100 per year. AT&T cheapest plan = $720 per year.

If you want to use your iPhone...gasp...as a phone, and use its computer functionality as a kind of iPod touch, then T-mobile will save you $$$.

It's not illegal. Gen 1 iPhones are already off contract - when you upgrade to a new phone, you can sell the off contract phone off eBay...that new owner is not subsidized on that purchase, and can run the phone on any network they want (as long as it supports the tech - GSM).

And besides, the DMCA specifically grants an exception for unlocking a phone.

It's not about stealing apps, that's a tiny minority, as CNET has reported before.
You just spread a lie.

It's all legal, it's all normal.
by Seaspray0 November 4, 2009 10:34 AM PST
"...they do it so they can steal APPS." The fart machine app is one of the best and most popular. How could you not want it?
by acuratl04driver November 3, 2009 6:16 PM PST
But wouldn't this have to only affect iPhones that are using open SSH? You would have to install that anyway in order to be able to access the phone. Depending on how you jailbreak your phone it will give you different options, in which one will prompt you to download open SSH. One of the other options is graphical only which does not prompt you to download open SSH program(s).
by acuratl04driver November 3, 2009 6:18 PM PST
But wouldn't this have to only affect iPhones that are using open SSH? You would have to install that anyway in order to be able to access the phone. Depending on how you jailbreak your phone it will give you different options, in which one will prompt you to download open SSH. One of the other options is graphical only which does not prompt you to download open SSH program(s).
by acuratl04driver November 3, 2009 6:18 PM PST
stupid double post.
by play7 November 3, 2009 6:20 PM PST
oh wow!!!!!!!!!!!!!!!
by shycelticwitch November 3, 2009 7:44 PM PST
Serves them right.
by edtmark November 3, 2009 7:52 PM PST
Another reason why jailbreaking your phone is never a good idea.
by anhzero November 3, 2009 8:42 PM PST
Hack my iPhone, listen to my conversation. Good luck understanding it!!!
by tundraboy November 3, 2009 9:28 PM PST
I still don't understand why this guy can't be nailed by simply tracking him down through his paypal account.
by askermana271275 November 3, 2009 9:58 PM PST
There's a lot more ways to transfer money rather than just paypal, and most of them are much harder to track.
by networksniff November 4, 2009 4:40 AM PST
THAT'S A GR8 THING, PORT SCANNING T MOBILE COMMUNICATION NETWORK CENTER IS REALLY GR8 STUFF.
NEED TO GET READY FOR MOBILE SECURITY.

[CNET editors' note: URL removed]