+ Reply
Page 1 of 5 123 ... LastLast
Results 1 to 20 of 81

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Dutch Jailbroken iPhones "Gehackt"

is a discussion within the

iPhone News

forums, a part of the

General iPhone

section;
...
  1. #1
    MMi Staff Writer Paul Daniel Ash's Avatar
    Join Date
    Aug 2009
    Location
    Union Square, Somerville, Mass.
    Posts
    919
    Thanks
    6
    Thanked 995 Times in 401 Posts

    Default Dutch Jailbroken iPhones "Gehackt"


    A Dutch hacker gained access to a number of jailbroken iPhones that were running ssh with root passwords set to default, and demanded €5 to restore them. He's since returned the money, but the incident highlights a common security issue with jailbroken phones.

    It seems likely that the hacker portscanned for ssh on the T-mobile Netherlands network in order to find jailbroken iPhones with SSH running. He then changed their wallpaper to a graphic that mimics an SMS message, reading: "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files." The website contains a link to a PayPal account, and users were told to send him €5 for instructions on how to regain access to their phones. He also left the following message:
    "If you don't pay, it's fine by me. But remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."
    He subsequently apologized for asking for the money, and posted the restore instructions on his website.

    The exploit is not a complicated one, and a commenter to Ars Technica noted that security researchers have done it in the past, and downloaded users' SMS databases as a "proof of concept" that the security hole exists. A Netherlands-based commenter on tweakers.net provided this pithy explanation that will probably be understandable even by readers who speak no Dutch.

    A concern that I have involves problems users have noted after changing their root passwords using the passwd utility, as the Dutch hacker directs his "victims" to do. Users have reported that after changing the password using that method and rebooting, an "Edit home screen" message appears and Springboard crashes, entering a loop and rendering the device unusable. The phone then has to be restored.

    Has anyone had success with changing passwords using passwd... and if not, did the reported workaround solve the issue?

    image via tweakers.net
    Last edited by Paul Daniel Ash; 11-04-2009 at 09:09 AM.

  2. The Following 4 Users Say Thank You to Paul Daniel Ash For This Useful Post:

    D4VID4F (05-01-2010), moochermaulucci (11-04-2009), musicguy303 (11-04-2009), tattoojack (11-05-2009)

  3. #2
    Green Apple Cow_King's Avatar
    Join Date
    Nov 2008
    Posts
    30
    Thanks
    1
    Thanked 3 Times in 3 Posts

    well that sucks lol

  4. #3
    My iPhone is a Part of Me
    Join Date
    Apr 2009
    Posts
    652
    Thanks
    49
    Thanked 32 Times in 29 Posts

    what!!!! Now My S*** Can Get Hacked F***!!!!!!

  5. #4
    Green Apple
    Join Date
    Jun 2009
    Posts
    50
    Thanks
    17
    Thanked 1 Time in 1 Post
    Well I am changing my password today, just to be sure no one is going to hack into my iPhone
    Last edited by petterloco1; 11-04-2009 at 09:24 AM.

  6. #5
    Developer n00neimp0rtant's Avatar
    Join Date
    Feb 2008
    Location
    Pittsburgh, PA
    Posts
    1,341
    Thanks
    25
    Thanked 600 Times in 136 Posts

    This isn't hacking. This is just using SSH over EDGE. And being a ****.

  7. #6
    iPhone? More like MyPhone ty22's Avatar
    Join Date
    Dec 2008
    Location
    Pittsburgh, PA
    Posts
    256
    Thanks
    26
    Thanked 10 Times in 7 Posts

    I guess he is a hardcore apple fanboy? Well I'm a mild fanboy but this is crazy.

  8. #7
    Green Apple
    Join Date
    Aug 2008
    Posts
    91
    Thanks
    7
    Thanked 4 Times in 4 Posts

    Default lol
    How dum you got to be to pay him lol...
    Restore? Change the "APLINE" ...

    I doubt any 1 has actualy fallen for this crap cause if you jailbroken your phone than i doubt your a dum ***..
    No Spam - ajl917

  9. #8
    What's Jailbreak?
    Join Date
    Oct 2009
    Posts
    6
    Thanks
    1
    Thanked 3 Times in 2 Posts

    How do you change your ssh password? sorry me noob. lol

  10. #9
    MMi Staff Writer Paul Daniel Ash's Avatar
    Join Date
    Aug 2009
    Location
    Union Square, Somerville, Mass.
    Posts
    919
    Thanks
    6
    Thanked 995 Times in 401 Posts

    Quote Originally Posted by n00neimp0rtant View Post
    This isn't hacking. This is just using SSH over EDGE. And being a ****.
    I kind of agree that it's pushing the definition of "hacking," though at least he used port scanning. As much as I dislike the down-defining of hacking as being "any unauthorized access of a device," there's at least some creativity in his exploit, so I'm going with the term the media is using in this case.

    It was a **** move to ask for money, but it's good that he returned it. Provided that this leads to more awareness of ssh security, no harm no foul.

  11. #10
    iPhone? More like MyPhone Ticko's Avatar
    Join Date
    Sep 2008
    Posts
    218
    Thanks
    8
    Thanked 12 Times in 10 Posts

    haha kinda funny actually for people to fall for this...good hole he showed though making people realize to either change their pw or TURN OFF SSH if ur not using it...simple

  12. #11
    Livin the iPhone Life exNavy's Avatar
    Join Date
    Jun 2007
    Location
    Arizona
    Posts
    1,039
    Thanks
    56
    Thanked 169 Times in 124 Posts

    Quote Originally Posted by centriod View Post
    How do you change your ssh password? sorry me noob. lol
    Well you have to have openssh on the phone. It's easier to do if you have mobile terminal installed on the phone as well. You could also do this via terminal on your Mac.

    ssh [email protected] (or whatever your IP address is)
    alpine
    passwd

    You will now be prompted to enter a new password. You will then be prompted to enter the password again. Your root password is now changed. Remember this when you log in using Fugu or Terminal again. If you forget your password, then you will have to restore the iPhone.

    Now enter the following:
    passwd mobile

    You will now be prompted to enter a new password. You will then be prompted to enter the password again. Your mobile password is now changed.

  13. #12
    iPhoneaholic xwinger's Avatar
    Join Date
    Jul 2008
    Location
    Calgary, Canada
    Posts
    470
    Thanks
    39
    Thanked 26 Times in 24 Posts

    I'll turn off ssh now
    I am not a jailbreak n00b
    I like to drink iPhoneahol...
    Circa 2008

  14. #13
    iPhoneaholic Fallguy's Avatar
    Join Date
    Dec 2008
    Location
    USA
    Posts
    360
    Thanks
    34
    Thanked 22 Times in 18 Posts

    Thats just wrong . This guy looks like he was actually trying to extort money and then realized his mistake . What a douche .

  15. #14
    What's Jailbreak?
    Join Date
    Oct 2009
    Posts
    16
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by sale666 View Post
    How dum you got to be to pay him lol...
    Restore? Change the "APLINE" ...

    I doubt any 1 has actualy fallen for this crap cause if you jailbroken your phone than i doubt your a dum ***..
    Exactly, if your smart enough to hack it and jailbreak it, you must know that you can always revert back to the original settings by clicking restore on iTunes. Its just like having the Windows or Mac CD and putting it in your computer and hitting restore. DUH!!!

    1 Question, Cant you just turn SSH off and they cant get into your phone, or do you still have to change the password?

    -if you do have to change the password, how do I go about doing this without getting the little Springboard error messages??

  16. #15
    My iPhone is a Part of Me hollow0's Avatar
    Join Date
    Jun 2008
    Location
    Tampa, FL
    Posts
    671
    Thanks
    49
    Thanked 49 Times in 39 Posts

    I had never changed my ssh password but i've always kept it off. I never turn it on because i know someone else could use it..so i was secure in that method. But to be safe one should always change the password and never leave ssh open unless you're planning to use it.

  17. The Following User Says Thank You to hollow0 For This Useful Post:

    jerru-san0901 (11-04-2009)

  18. #16
    What's Jailbreak?
    Join Date
    Mar 2008
    Location
    VTE, Laos
    Posts
    7
    Thanks
    0
    Thanked 4 Times in 1 Post
    the easy way to change the root password is
    install mobile terminal fro Cydia
    after finish install please home button to go back to Home screen
    look for mobile terminal then open
    type "su" (without quote)
    then password "alpine" (without quote)
    now you are logging as root
    type "passwd" (without quote)
    type your new password
    retype your new password

    That's it

    after the instruction try to log in then enter password "alpine"
    the system will deny it.
    hope it help.

    Greeting from Laos

  19. The Following 4 Users Say Thank You to deth For This Useful Post:

    bruinsrme (11-04-2009), D4VID4F (05-01-2010), hova47x (11-20-2009), mrbilloldschoolgamer (11-05-2009)

  20. #17
    iPhone? More like MyPhone Sadhunni's Avatar
    Join Date
    Jan 2009
    Location
    New York
    Posts
    229
    Thanks
    2
    Thanked 8 Times in 7 Posts

    I dont know. This dude is freaking me out. I cant imagine he going through my pictures but hey, I dont use SSH. So I have nothing to worry?

  21. #18
    iPhone? More like MyPhone
    Join Date
    Jun 2009
    Posts
    111
    Thanks
    6
    Thanked 2 Times in 2 Posts

    thats classic, I would just turn it off. Also I hope just having it off makes it less likely to happen.

  22. #19
    Livin the iPhone Life mikerlx's Avatar
    Join Date
    Oct 2008
    Location
    USA
    Posts
    1,366
    Thanks
    19
    Thanked 48 Times in 44 Posts

    Thats incredible and why I'm going to ATT when my tmobile contract is up. I am still restricted with unlocked iphone, so I can't remember to turn ssh off everytime a new firmware update comes out or if i have to restore custom ipsw. I ain't saying att is no better but I can't remeber to do all this stuff plus I forget all the themes and cool apps that get erased in the restore process. Guess I am getting older mid-life crisis?
    Last edited by mikerlx; 11-04-2009 at 10:38 AM.

  23. #20
    Livin the iPhone Life sziklassy's Avatar
    Join Date
    Jan 2008
    Location
    Iowa (ISU for Vet School!)
    Posts
    3,920
    Thanks
    69
    Thanked 310 Times in 264 Posts

    Because it is hard to change your SSH password. Those that got hacked deserve it....
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------
    I once prayed to God for an iPhone, but quickly found out He didn't work that way...so I stole an iPhone and prayed for His forgiveness.

    A dog is the only thing on earth that loves you more than you love yourself. - Josh Billings

+ Reply
Page 1 of 5 123 ... LastLast
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts