Filed under: Hardware, Hacks, iPhone
Dutch hacker accesses jailbroken iPhones, requests €5
Running a jailbroken iPhone has its risks, as a Dutch hacker has demonstrated. Specifically, he used a bit of port scanning to find jailbroken phones with SSH running in his native Netherlands. From there, he sent unsuspecting users a message that reads, "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files."The URL directs the users to Paypal and requests €5 in exchange for instructions that explain how to remove the hack. But how did he get in? By relying on users' forgetfulness. All iPhones have a default root password. Those who forget to change it are vulnerable to this very kind of attack.
Asking for money is kind of a bummer but much less obnoxious that other things he could have done. The moral of the story is pay attention and be thorough when jailbreaking your iPhone.
[Via Ars Technica]
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 2)
pjc said 1:43PM on 11-03-2009
The "Hacker" a 17 year old teenager have changed it minds :-)
Ok plan's changed. Here's what to do, good luck and contact me if you have any questions
1. Get an SSH program like putty for windows.
2. SSH to your iPhone. (If you haven't done that before it may take a while, and after that there might come a warning about a key fingerprint. You can just accept that). Login using username "root" and password "alpine". (this is the default password)
3. There's a few commands you have to execute, best is to just copy them:
rm /System/Library/LaunchDaemons/com.apple.syslog.plist
chown mobile /private/var/mobile/Library/LockBackground.jpg
chmod 666 /private/var/mobile/Library/LockBackground.jpg
mv /private/var/mobile/Documents/LockBackground.backup.jpg /private/var/mobile/Library/LockBackground.jpg
4. That's everything to remove my stuff. Now there's one command left to make sure this won't happen again! (-; Again in putty or any ssh client type: "passwd". You'll then be asked for a new password, you can change this into anything you want. The safer the better of course (:
The reason you have to change this password is that it's default is alpine at ALL iPhones. So if anyone knows that (and all hackers do) they can access your iPhone. Now you've changed it this isn't possible anymore!
If you have any questions or something, mail me and I'll try to answer them!
PureInfinity92@mailinator.com (oh and btw the program is designed to remove itself so you should already be clear)
Source: http://mr09.fileave.com/
Reply
Scott said 2:07PM on 11-03-2009
Or you can just disable SSH then no one can even attempt to connect to your phone!
Tom said 1:45PM on 11-03-2009
Extortion: kind of a bummer.
Reply
artifex said 2:01PM on 11-03-2009
No kidding. Wonder if he could also be charged with illegally accessing computers, too, or whatever the equivalent is, there. Doesn't matter if they were unsecured or improperly secured. He still went in without permission, and there's obvious proof of it; his request for money on each phone.
SpookyET said 3:33PM on 11-03-2009
I suspect next to all jailbroken iPhones, millions of them, have the default root password 'alpine'. If all you want is to unlock it and don't need all the extra stuff provided by Cydia, just use creamsn0w http://j.mp/UYDu0
Reply
GoingToAlpha said 2:03PM on 11-03-2009
Officer, that man stole my illegal drugs drugs, arrest him!
Reply
GoingToAlpha said 2:05PM on 11-03-2009
Proofread fail fail.
DistortedLoop said 2:52PM on 11-03-2009
Exactly how is your illegal drugs comparison relevant...?
jonathansoulja94 said 4:13PM on 11-03-2009
jailbroken phones aren't exactly legit to begin with...
A User said 2:33PM on 11-03-2009
Thanks.
Reply
Brian Allen said 2:18PM on 11-03-2009
This is what comes to mind for me:the iPhone for Dummies book
Reply
Max Howell said 2:24PM on 11-03-2009
Why is his nationality in the headline?
Reply
CC said 2:48PM on 11-03-2009
So that you wouldn't be confused. The Euro is used by many countries. Also to let you know where he was from.
antiorario said 2:52PM on 11-03-2009
To make sure U.S. citizens (the only ones who read this blog, most certainly) don't think the hacker is one of them.
:-D
Reply
antiorario said 2:54PM on 11-03-2009
And of course this was meant as a witty response to Max Howell, above. I guess it was TUAW's way to punish me.
DistortedLoop said 2:57PM on 11-03-2009
I wonder if this is specific to certain carriers only. I have a jailbroken iPhone, with ssh enabled and have changed the password.
I have never been able to ssh into my iPhone over AT&T's network, only over WiFi. I'd always assumed that AT&T is blocking the incoming port there. I can certainly ssh over 3G back to my office computer, and I've used the ip address my firewall reports for the iPhone as the reverse.
This guy supposedly port scanned random iPhone ip addresses and found enough to make news by hacking into them. Is TMobile in Europe not firewalled? Is my assumption that AT&T is incorrect?
Gonna need some more investigation.
Reply
Risto T said 3:04PM on 11-03-2009
LOL .. hacker .. LOL ..
This is like buying a house only to have someone walk in the front door and say "Hey man, did you know every house on this block shares the same key? Gimme $5 bucks and I'll tell you how to change your lock".
Let's think about it for a minute now. Who would be held responsible?
The homeowner or the people who built a block full of houses with the same damn key?
It is pretty obvious that if I move into a new house I can make a reasonable assumption that every key is different and I don't have to change the lock right away.
So, there is an obvious design flaw in the jailbreak process. If a graphical program like Pwnage Tool or Cydia installs an SSH server and does not force the user to change the root password then incidents like this are guaranteed to happen.
It should not be up to the user to figure out that they have to change the password.
The slightest understanding of usability or design would have prevented this security problem... sigh.
Reply
Kev orng said 3:13PM on 11-03-2009
If I was to improve this article in any way, it would be to add a few clear words of assistance to those who were hacked. It would be something like: "We won't charge you five euros to help you beat this hack you can either change your password like so .... or plug into iTunes and do a restore thusly ... "
Reply
Jimbo said 3:46PM on 11-03-2009
I don't know if this is useful to anyone but.
****How to change your root password ****
Assuming you have a Jailbroken iPhone
1. Install Open SSH via Cydia
2. Install Mobile Terminal via Cydia
3. Restart iPhone
4. Start Mobile Terminal and type "login root"
5. Enter default root password "alpine"
6. Enter "passwd" command hit return
7. Enter new password, confirm password.
8. Done, your phone is now safe.
Remember there are two passwords one for the mobile account and root account. You can change the mobile if you want also. if you want to do that just skip step 4 and continue with the rest. As you are already in the mobile account when you initially start Mobile Terminal.
Reply
Lance said 4:23PM on 11-03-2009
Don't change your password.
Get OpenSSH or SBSettings and turn off SSH. Simple as that.
Reply