Dutch T-Mobile customers that use jailbroken iPhones got a nasty surprise yesterday. A “message” popped up on their screens claiming that their iPhone had been hacked and instructing them to visit doiop.com/iHacked to secure it. To add more incentive, the hacker also wrote: “Right now, I can access all your files.”
When the scared users visited the website, they were asked to send €5 to the hacker’s PayPal account so he could send them instructions on how to secure their device.
How did this happen? It seems that the hacker identified the jailbroken iPhones using port scanning, because those particular devices have SSH running. SSH has to be enabled for the user to log in via Terminal and run UNIX commands, and the default root password often gets forgotten and remains unchanged. The hacker used this fact to hack into the phones.
Ars Technica reported the incident, and says that one of its readers revealed that this technique was executed in the past by researchers, but this is the first known instance of it being used “in the wild”.
Although it appears that the hacker didn’t misuse any of the data he had access to – afterwards he posted the instructions on the website, apologized and returned the money – it doesn’t mean that someone else will not, since the technique is pretty simple to execute and requires only a basic knowledge of networking.
iPhone users who have jailbroken their device are advised to shut down SSH when it’s not needed and to change the default root password.
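The two pieces of advice above can be checked with a short script. This is an added example, not code from the article or from Ars Technica. It assumes a BSD-style password file (`name:hash:uid:...`), a saved `netstat -an` dump, and a list of factory-default hashes that the auditor supplies; the function names and the hashes in the sample data are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the article. Assumes a BSD-style master.passwd
# (name:hash:uid:...) and factory hashes supplied by the auditor.

# Print accounts in passwd file $1 whose hash is in $2 (space-separated list).
default_hash_accounts() {
    awk -F: -v defaults="$2" '
        BEGIN { n = split(defaults, d, " "); for (i = 1; i <= n; i++) known[d[i]] = 1 }
        /^#/ || NF < 3 { next }
        ($2 in known) { print $1 }
    ' "$1"
}

# Read `netstat -an` output on stdin; succeed if TCP port $1 is in LISTEN.
# Accepts BSD (*.22) and Linux (0.0.0.0:22) local-address notation.
port_listening() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, "[.:]")
            if (a[n] == port) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# audit PASSWD NETSTAT_DUMP "HASH1 HASH2": print findings, fail if any.
audit() {
    findings=0
    if port_listening 22 < "$2"; then
        echo "FINDING: sshd listening on tcp/22; stop it when not needed"
        findings=$((findings + 1))
    fi
    for acct in $(default_hash_accounts "$1" "$3"); do
        echo "FINDING: '$acct' still has the factory password; run passwd"
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample data (hashes are placeholders, not real values).
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'root:FACTORYHASH01:0:0::0:0:Admin:/var/root:/bin/sh' \
        'mobile:CHANGEDHASH99:501:501::0:0:User:/var/mobile:/bin/sh' > "$d/mp"
    printf '%s\n' 'tcp4  0  0  *.22  *.*  LISTEN' > "$d/ns"
    audit "$d/mp" "$d/ns" "FACTORYHASH01 FACTORYHASH02"
    rc=$?; rm -rf "$d"; return "$rc"
}
case "${1:-}" in --demo) demo ;; esac
```

Run with `--demo`, the sample reports two findings: the listener on port 22 and the `root` account, while `mobile` passes because its hash has been changed.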