A Dutch hacker used his knowledge of SSH and jailbreaking to compromise the handsets of unsuspecting iPhone owners in the Netherlands. According to the Ars Technica report, the hacker used a port scanning tool to detect iPhones on T-mobile Netherlands that were running SSH. Many of these owners had installed an SSH daemon and failed to change the root password. This omission gave the hacker access to the handsets.
The unnamed hacker changed the wallpaper on the phones and made it look like he sent the owner an SMS. The fake message was a warning that the phone was hacked and directed the now frightened owner to a website to secure their phones. When this story first hit, the hacker was charging €5 to remove the message and close the SSH hole. After the story broke, he had a change of heart and stopped charging to fix people’s phones. He also gave refunds to people who paid him and provided free instructions that told them how to fix their phones.
This situation turned out favorably for those owners whose handsets were compromised, but next time the outcome may be more serious. Instead of a fake SMS message, the hacker could install a keylogger or other malicious software. It should be a warning to folks who jailbreak their handset. It’s fun to open it up to Cydia and other third-party apps, but that comes with some responsibility on your end to make sure your handset is secure.
[Via Ars Technica]