Users of jailbroken iPhones beware, a dutch hacker recently discovered and exploited a severe weakness in the iPhone’s service plans. Although jailbreaking an iPhone certainly opens up opportunities to enhance the device’s functionality, it also makes an iPhone less secure.
One enterprising Dutch hacker used port scanning to identify jailbroken iPhones on T-mobile Netherlands with SSH running. The problem stems from the fact that iPhones all have a default root password that many forget to change after jailbreaking, leaving their phones very vulnerable. The hacker relied on unchanged root passwords to hack into the phones. He then sent what appears to be an SMS alert to the hacked phones (in reality it was a replaced wallpaper) that read, “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files.”
After the victims of the hack went to the website they were told to pay money to a Paypal account. Upon completion of the payment, the hacker would then send them e-mail instructions with instructions on to how to remove the virus. There was also a warning on the website stating that if the victim did not choose to pay, they should be aware that their information could be just as easily hacked by anyone else. However, now it seems that this hacker had no real malicious intent during this hack and was just trying to scam his way into some easy cash. The hacker has issued an apology and has gone ahead and posted instructions on how to undo what he did to all of his Dutch iPhone victims. He has also apologized for having asked for money in return, and has gone far as reimbursing all those who paid him.
This incident highlights the fact that by jailbreaking your iPhone you are subsequently exposing it to security risks. Apple does not condone jailbreaking iPhones all together and this just further reinforces their point.
(Via Ars Technica)