A number of Dutch iPhone users who had jailbroken their handsets came in for a shock recently, after a hacker was able to target them and attempt to extort 5 euros for instructions on how to "secure" the phone.

The hacker used port scanning to identify phones running on the T-Mobile network in the Netherlands that had SSH running. Most jailbroken handsets enable SSH so that a user can login and run terminal commands, but many people don't bother to change the default root password, leaving their phones vulnerable to attack.

The hacker posted a message on the handset, reading: "Important Warning: You iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files. This message won't disappear until your iPhone's secure".

Visiting that site asks the user to send 5 euros to a PayPal account. Upon receipt, the hacker then promises to send out instructions on how to remove the hack, which Ars Technica reckons would most likely just be a factory reset of the phone.

So if you have a jailbroken iPhone, make sure you secure it by changing the default root password. If you're not sure how to do that, then a quick Google should sort you out. You can also deactivate SSH when you're not using it. The lesson, though, is to not trust sensitive information to a device that's running code you don't 100% trust.

Via: arstechnica.com

Recommended articles