• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Dutch Jailbroken iPhones "Gehackt"


    A Dutch hacker gained access to a number of jailbroken iPhones that were running ssh with root passwords set to default, and demanded €5 to restore them. He's since returned the money, but the incident highlights a common security issue with jailbroken phones.

    It seems likely that the hacker portscanned for ssh on the T-mobile Netherlands network in order to find jailbroken iPhones with SSH running. He then changed their wallpaper to a graphic that mimics an SMS message, reading: "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files." The website contains a link to a PayPal account, and users were told to send him €5 for instructions on how to regain access to their phones. He also left the following message:
    "If you don't pay, it's fine by me. But remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."
    He subsequently apologized for asking for the money, and posted the restore instructions on his website.

    The exploit is not a complicated one, and a commenter to Ars Technica noted that security researchers have done it in the past, and downloaded users' SMS databases as a "proof of concept" that the security hole exists. A Netherlands-based commenter on tweakers.net provided this pithy explanation that will probably be understandable even by readers who speak no Dutch.

    A concern that I have involves problems users have noted after changing their root passwords using the passwd utility, as the Dutch hacker directs his "victims" to do. Users have reported that after changing the password using that method and rebooting, an "Edit home screen" message appears and Springboard crashes, entering a loop and rendering the device unusable. The phone then has to be restored.

    Has anyone had success with changing passwords using passwd... and if not, did the reported workaround solve the issue?

    image via tweakers.net
    This article was originally published in forum thread: Dutch Jailbroken iPhones "Gehackt" started by Paul Daniel Ash View original post
    Comments 80 Comments
    1. mnhollie's Avatar
      mnhollie -
      Quote Originally Posted by sale666 View Post
      How dum you got to be to pay him lol...
      Restore? Change the "APLINE" ...

      I doubt any 1 has actualy fallen for this crap cause if you jailbroken your phone than i doubt your a dum ***..
      The most extreme measure you should be going to is simply plugging your ipod into your computer and restoring to factory settings. Not too hard, but I guess some people can't think of that
    1. DeathIsMyGift's Avatar
      DeathIsMyGift -
      I think this is kinda funny---only because it didn't happen to me. schadenfreude.
    1. RaginAsian55's Avatar
      RaginAsian55 -
      Quote Originally Posted by sale666 View Post
      How dum you got to be to pay him lol...
      Restore? Change the "APLINE" ...

      I doubt any 1 has actualy fallen for this crap cause if you jailbroken your phone than i doubt your a dum ***..

      ^I think you're the "dum***" because "dumb" has a 'b' in it!! That's a word you learned when you were four.


      Unrelated: my root password was never alpine. It was a defaulted password though. Should I still change it anyway?
    1. mnhollie's Avatar
      mnhollie -
      I would just in case. Better safe than sorry
    1. chuckiecheese's Avatar
      chuckiecheese -
      I would of just restored my iphone
    1. romeo_herman's Avatar
      romeo_herman -
      My question, who has been hack, please tell me, anyone???

      If you set your phone auto lock in 1 minute, after phone lock , who can get in into ssh?

      I dont understand how ssh is working, because when I open ssh, I set my iphone to never lock.
    1. starski's Avatar
      starski -
      Quote Originally Posted by deth View Post
      the easy way to change the root password is
      install mobile terminal fro Cydia
      after finish install please home button to go back to Home screen
      look for mobile terminal then open
      type "su" (without quote)
      then password "alpine" (without quote)
      now you are logging as root
      type "passwd" (without quote)
      type your new password
      retype your new password

      That's it

      after the instruction try to log in then enter password "alpine"
      the system will deny it.
      hope it help.

      Greeting from Laos
      This helped me end my paranoia, tanks a million
    1. Xonix09's Avatar
      Xonix09 -
      Does this affect ipod touches?
    1. bbongrip's Avatar
      bbongrip -
      What about turning off ssh by using the SB settings toggle? Wouldn't this solve The problem?
    1. uturn68's Avatar
      uturn68 -
      i think that we should thank this guy for bringing this issue to the forefront. im sure some people new about this, but clearly a lot(myself included) did not.
    1. mnhollie's Avatar
      mnhollie -
      yes it would, but some people can't think of that. It just too logical for people to do it
    1. Cer0's Avatar
      Cer0 -
      Quote Originally Posted by CaptainChaos View Post
      No. Do not turn it off. Just change your password. If you turn it off and your phone ends up in an endless reboot loop then you can't SSH into and fix it. You would have to restore.
      I turn mine off all the time. If it does get stuck in a loop ssh gets turned on each time it is restarted. I turn mine off each time I reboot it with sbsettings.

      So if you get stuck in a loop you are still fine because ssh comes back on automatically each reboot.
    1. nighthawk283's Avatar
      nighthawk283 -
      WOW that is shocking stuff to read, and just wow how that happen that so crazy
    1. rhekt's Avatar
      rhekt -
      yeah i changed my passwd a long time ago...forgot to do it on my latest jailbreak though. thanks for the headsup. very easy to do thru mobile terminal guys....10 seconds tops....[i turn my toggle off as well by the way]
    1. wannabprogramma's Avatar
      wannabprogramma -
      HAHA- i have edge disabled because I'm not on an iphone plan so I don't have to pay for internet...lets see him hack me now!!!!
      P.S.: changing passwords is great but ive heard some bad stuff....if u use 3G/Edge I'd just hit the toggle to turn off ssh except for when I'm using it
    1. bbillh77's Avatar
      bbillh77 -
      Hopefully the windows phone comes out soon to give the hackers something to do
    1. n00neimp0rtant's Avatar
      n00neimp0rtant -
      Quote Originally Posted by bbillh77 View Post
      Hopefully the windows phone comes out soon to give the hackers something to do
      Windows Mobile has been out for YEARS. I don't know what you're talking about.
    1. Cer0's Avatar
      Cer0 -
      Quote Originally Posted by bbillh77 View Post
      Hopefully the windows phone comes out soon to give the hackers something to do
      Love this comment May use that as my sig here lol.
    1. n00neimp0rtant's Avatar
      n00neimp0rtant -
      Quote Originally Posted by cerote View Post
      Love this comment May use that as my sig here lol.
      *high-fives you*
    1. iBwizzle's Avatar
      iBwizzle -
      I just changed my SSH password to "abc123". I now have nothing to worry about...