Dutch Jailbroken iPhones "Gehackt"

**Paul Daniel Ash** · 11-04-2009, 09:05 AM

A Dutch hacker gained access to a number of jailbroken iPhones that were running ssh with root passwords set to default, and demanded €5 to restore them. He's since returned the money, but the incident highlights a common security issue with jailbroken phones.

It seems likely that the hacker portscanned for ssh on the T-mobile Netherlands network in order to find jailbroken iPhones with SSH running. He then changed their wallpaper to a graphic that mimics an SMS message, reading: "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files." The website contains a link to a PayPal account, and users were told to send him €5 for instructions on how to regain access to their phones. He also left the following message:

"If you don't pay, it's fine by me. But remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."

He subsequently apologized for asking for the money, and posted the restore instructions on his website.

The exploit is not a complicated one, and a commenter to Ars Technica noted that security researchers have done it in the past, and downloaded users' SMS databases as a "proof of concept" that the security hole exists. A Netherlands-based commenter on tweakers.net provided this pithy explanation that will probably be understandable even by readers who speak no Dutch.

A concern that I have involves problems users have noted after changing their root passwords using the passwd utility, as the Dutch hacker directs his "victims" to do. Users have reported that after changing the password using that method and rebooting, an "Edit home screen" message appears and Springboard crashes, entering a loop and rendering the device unusable. The phone then has to be restored.

Has anyone had success with changing passwords using passwd... and if not, did the reported workaround solve the issue?

image via tweakers.net

**Cow_King** · 11-04-2009, 09:13 AM

well that sucks lol

**lilrican21** · 11-04-2009, 09:15 AM

what!!!! Now My S*** Can Get Hacked F***!!!!!!

**petterloco1** · 11-04-2009, 09:20 AM

Well I am changing my password today, just to be sure no one is going to hack into my iPhone

**n00neimp0rtant** · 11-04-2009, 09:22 AM

This isn't hacking. This is just using SSH over EDGE. And being a ****.

**ty22** · 11-04-2009, 09:30 AM

I guess he is a hardcore apple fanboy? Well I'm a mild fanboy but this is crazy.

**sale666** · 11-04-2009, 09:36 AM

How dum you got to be to pay him lol...
Restore? Change the "APLINE"

...

I doubt any 1 has actualy fallen for this crap cause if you jailbroken your phone than i doubt your a dum ***..

**centriod** · 11-04-2009, 09:36 AM

How do you change your ssh password? sorry me noob. lol

**Paul Daniel Ash** · 11-04-2009, 09:37 AM

Originally Posted by n00neimp0rtant

This isn't hacking. This is just using SSH over EDGE. And being a ****.

I kind of agree that it's pushing the definition of "hacking," though at least he used port scanning. As much as I dislike the down-defining of hacking as being "any unauthorized access of a device," there's at least some creativity in his exploit, so I'm going with the term the media is using in this case.

It was a **** move to ask for money, but it's good that he returned it. Provided that this leads to more awareness of ssh security, no harm no foul.

**Ticko** · 11-04-2009, 09:40 AM

haha kinda funny actually for people to fall for this...good hole he showed though making people realize to either change their pw or TURN OFF SSH if ur not using it...simple

**exNavy** · 11-04-2009, 09:42 AM

Originally Posted by centriod

How do you change your ssh password? sorry me noob. lol

Well you have to have openssh on the phone. It's easier to do if you have mobile terminal installed on the phone as well. You could also do this via terminal on your Mac.

ssh [email protected] (or whatever your IP address is)
alpine
passwd

You will now be prompted to enter a new password. You will then be prompted to enter the password again. Your root password is now changed. Remember this when you log in using Fugu or Terminal again. If you forget your password, then you will have to restore the iPhone.

Now enter the following:
passwd mobile

You will now be prompted to enter a new password. You will then be prompted to enter the password again. Your mobile password is now changed.

**xwinger** · 11-04-2009, 09:56 AM

I'll turn off ssh now

**Fallguy** · 11-04-2009, 10:02 AM

Thats just wrong . This guy looks like he was actually trying to extort money and then realized his mistake . What a douche .

**Exile Team** · 11-04-2009, 10:03 AM

Originally Posted by sale666

How dum you got to be to pay him lol...
Restore? Change the "APLINE"

...

I doubt any 1 has actualy fallen for this crap cause if you jailbroken your phone than i doubt your a dum ***..

Exactly, if your smart enough to hack it and jailbreak it, you must know that you can always revert back to the original settings by clicking restore on iTunes. Its just like having the Windows or Mac CD and putting it in your computer and hitting restore. DUH!!!

1 Question, Cant you just turn SSH off and they cant get into your phone, or do you still have to change the password?

-if you do have to change the password, how do I go about doing this without getting the little Springboard error messages??

**hollow0** · 11-04-2009, 10:08 AM

I had never changed my ssh password but i've always kept it off. I never turn it on because i know someone else could use it..so i was secure in that method. But to be safe one should always change the password and never leave ssh open unless you're planning to use it.

**deth** · 11-04-2009, 10:09 AM

the easy way to change the root password is
install mobile terminal fro Cydia
after finish install please home button to go back to Home screen
look for mobile terminal then open
type "su" (without quote)
then password "alpine" (without quote)
now you are logging as root
type "passwd" (without quote)
type your new password
retype your new password

That's it

after the instruction try to log in then enter password "alpine"
the system will deny it.
hope it help.

Greeting from Laos

**Sadhunni** · 11-04-2009, 10:21 AM

I dont know. This dude is freaking me out. I cant imagine he going through my pictures but hey, I dont use SSH. So I have nothing to worry?

**z28kid** · 11-04-2009, 10:27 AM

thats classic, I would just turn it off. Also I hope just having it off makes it less likely to happen.

**mikerlx** · 11-04-2009, 10:31 AM

Thats incredible and why I'm going to ATT when my tmobile contract is up. I am still restricted with unlocked iphone, so I can't remember to turn ssh off everytime a new firmware update comes out or if i have to restore custom ipsw. I ain't saying att is no better but I can't remeber to do all this stuff plus I forget all the themes and cool apps that get erased in the restore process. Guess I am getting older mid-life crisis?

**sziklassy** · 11-04-2009, 10:38 AM

Because it is hard to change your SSH password. Those that got hacked deserve it....

Thread: Dutch Jailbroken iPhones "Gehackt"

LinkBack

Thread Tools

Display

Dutch Jailbroken iPhones "Gehackt"

The Following 4 Users Say Thank You to Paul Daniel Ash For This Useful Post:

lol

The Following User Says Thank You to hollow0 For This Useful Post:

The Following 4 Users Say Thank You to deth For This Useful Post:

Posting Permissions