Running a jailbroken iPhone has its risks, as a Dutch hacker has demonstrated. Specifically, he used a bit of port scanning to find jailbroken phones with SSH running in his native Netherlands. From there, he sent unsuspecting users a message that reads, “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files.”

The URL directs the users to Paypal and requests €5 in exchange for instructions that explain how to remove the hack. But how did he get in? By relying on users’ forgetfulness. All iPhones have a default root password. Those who forget to change it are vulnerable to this very kind of attack.

Asking for money is kind of a bummer but much less obnoxious that other things he could have done. The moral of the story is pay attention and be thorough when jailbreaking your iPhone.

---

Filed under: Apple,iphone - @ November 5, 2009 2:42 pm

Tags: hacker, iphone