A hacker hijacked a number of jailbroken iPhones and tried to extort €5 from their owners.
The Dutch hacker used port scanning to identify jailbroken iPhones on T-Mobile Netherlands with SSH running. Jailbroken iPhones often have SSH enabled so that their owners can log in via Terminal and run standard UNIX commands.
These phones would still be safe but for the fact that Apple used a default root password, which many owners forget to change after jailbreaking.
The hacker relied on unchanged root passwords to break into the phones. He then sent an SMS alert to the hacked phones that read: “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files.”
If users go to the website, they are told to send €5 to a PayPal account, after which the hacker will e-mail instructions to remove the hack.
Initially he threatened that, if they did not pay, thousands of others could send text messages from their number, use it to make calls, or record their calls. Later he changed his mind, returned the cash and published details of how to secure the phone.
The hack is incredibly simple and is based entirely on the fact that iPhone users know nothing about security and think that Steve Jobs’ aura is all the protection they need.