A Dutch hacker gained access to a number of jailbroken iPhones that were running ssh with root passwords set to default, and demanded €5 to restore them. He's since returned the money, but the incident highlights a common security issue with jailbroken phones.
It seems likely that the hacker portscanned for ssh on the T-mobile Netherlands network in order to find jailbroken iPhones with SSH running. He then changed their wallpaper to a graphic that mimics an SMS message, reading: "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files." The website contains a link to a PayPal account, and users were told to send him €5 for instructions on how to regain access to their phones. He also left the following message:
"If you don't pay, it's fine by me. But remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."
The exploit is not a complicated one, and a commenter to Ars Technica noted that security researchers have done it in the past, and downloaded users' SMS databases as a "proof of concept" that the security hole exists. A Netherlands-based commenter on tweakers.net provided this pithy explanation that will probably be understandable even by readers who speak no Dutch.
A concern that I have involves problems users have noted after changing their root passwords using the passwd utility, as the Dutch hacker directs his "victims" to do. Users have reported that after changing the password using that method and rebooting, an "Edit home screen" message appears and Springboard crashes, entering a loop and rendering the device unusable. The phone then has to be restored.
Has anyone had success with changing passwords using passwd... and if not, did the reported workaround solve the issue?
image via tweakers.net