The importance of properly securing mobile devices has been underlined once again, after a Dutch hacker broke into jailbroken Apple iPhones and displayed a message demanding a 5 Euro ransom be paid.
According to media reports, the hacker used port scanning to identify jailbroken iPhones with SSH running on the T-mobile Netherlands network.
In this instance, the hacker changed the wallpaper on compromised iPhones so they displayed the following message:
Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and dsecure your iPhone right now!
Right now, I can access all your files.. This message won't disappear until your iPhone's secure
A further message demanded that 5 Euros be paid to the hacker’s PayPal account in order to receive instructions on how to remove the backdoor.
Many iPhone owners have jailbroken their devices to allow it to run unofficial code, avoiding Apple’s official App Store. However, some users forget to change the default root password on their device (which is common to all iPhones) – opening a door for potential intruders.
Visiting the page linked to from the message displayed the following message:
If you don't pay, it's fine by me, but remember, the way I got access to your iPhone can be used by thousands of others-they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone.
Some have suggested online that the hacker intended no malice in breaking into the iPhones and displaying the messages. but let’s not beat around the bush about this. Unauthorised access and unauthorised modification of data is an offence in many countries around the world.
Just because an individual has poorly protected their computer or mobile phone does not give anybody the right to break in without permission and essentially blackmail them into paying up for a fix.
The one piece of good news is that the Dutch hacker has now taken down his PayPal link, reportedly returned the money he earned and published free instructions on how to remove the backdoor.
Don’t forget – if you’re dead set on fiddling around with the internal workings of your iPhone that you’re not compromising security at the same time.