A Dutch hacker has come up with a novel way to make a few euros. Realizing that jailbroken iPhones are generally accessible via ssh, he “breaks into” them, then sends an SMS alert to their owners, telling them the phones are insecure. For 5 euros, he’ll be happy to tell them how to secure their phones.
A bit of background. For those unfamiliar with the term “jailbreak”, it simply means exploiting a weakness in the iPhone so users can install unapproved applications. (Read Wikipedia’s explanation.) Many users do this to get access to iPhone apps that Apple won’t approve. When an iPhone is jailbroken, ssh (secure shell) access is available over a network. However, this access uses a default password that most users don’t change. Since this password is easy to find (Google is your friend), it’s a cinch for anyone to hack into a jailbroken iPhone, if they can find the phone.
So this Dutch hacker “used port scanning to identify jailbroken iPhones on T-mobile Netherlands with SSH running,” according to an Ars Technica article that links to a forum thread in Dutch explaining the trick. In other words, the hacker just scanned as many phones as he could find, and, in so doing, found those that were jailbroken.
He then sends users an SMS directing them to a web page, where he asks 5 euros for instructions on how to make the phone more secure. This is not technically “ransomware” (malware that usually encrypts files, then asks the user to pay for the password that restores access to them), but it’s close.
This is not a complicated task. As Ars Technica says:
security researchers have done similar port scanning in the past, and downloaded users’ SMS databases as a “proof of concept.” However, this is the first time that it seems the technique has been used in the wild. It’s worth noting that the technique is fairly trivial and could be done by anyone with even a modicum of networking know-how.
So, if you have jailbroken your iPhone, you would do well to change the default ssh password. Again, Google will help you perform this simple operation. If you don’t, any enterprising hacker can get access to everything your phone contains. You don’t want that to happen…