digg

Facebook Connect Join Digg About
See the original image at arstechnica.com

Dutch hacker holds jailbroken iPhones "hostage" for €5

arstechnica.com Though jailbreaking an iPhone certainly opens up opportunities to add functionality that Apple doesn't approve of, it can also make an iPhone less secure. Several Dutch iPhone users found that out the hard way after a hacker attacked a number of vulnerable phones on T-mobile Netherlands and tried to extort €5 from them.

Who dugg this? Made popular 22 days ago

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

51 Comments

show profanity settings
expand all
  • xero69, on 11/03/2009, -0/+28So how long until we're readimg about a nasty copycat?
    "Your iPhone has been hacked. To remove this picture of Goatse please visit...."
  • bipolar, on 11/03/2009, -0/+28He doesn't. He just typed in ****** and your computer made it show up as alpine since it's your password.
  • DaviDTC, on 11/03/2009, -0/+18How did you know my password?
  • Rob1n, on 11/03/2009, -0/+18The scary thing is that it's INCREDIBLY easy to do the hack. Because T-Mobile gives all their iPhones a specific range of IP adresses, all you have to do is scan those adresses for port 22 and try logging in using the default password. Bam! you're in and able to change the user background to a goatse!
  • djrbx, on 11/03/2009, -0/+18If you need to SSH to your phone, please run passwd command and change your root password from alpine into something else.
    Also, install sbsettings and turn off SSH.

    Problem Solved.
  • KevinRowz, on 11/03/2009, -2/+19If I did this my alias would be iJacker.
  • nyxerebos, on 11/03/2009, -0/+17I'm not sure this counts as hacking. Leaving a default root password is daft, but being jailbroken doesn't make the phone insecure per se. It's the configuration that's insecure.
  • vodka357, on 11/03/2009, -3/+20There is two things in this world I can't stand. People who hold other peoples iphones hostage and the Dutch
  • linagee, on 11/03/2009, -1/+17Extorting money: There's an app for that!
  • diggymow, on 11/03/2009, -0/+10That's weird it showed up as hunter2 on mine....
  • Ruefus, on 11/03/2009, -4/+14When you need to find someone that has ALREADY HACKED their iPhone, then NOT bothered to change their root password, it's not an Apple 'vulnerability'.

    It's user stupidity.
  • NoBSMan, on 11/03/2009, -1/+9"Lamborghini parked on a public street with the windows down, the doors unlocked, and the keys in the ignition." - Have you ever watched Top Gear? It doesn't look that is easy...
  • dirtmaster, on 11/03/2009, -0/+8restore +1
  • Genma, on 11/03/2009, -0/+8Stupid users: There's an app for that!
  • Awesomebox5000, on 11/03/2009, -1/+8Since, you have to go out of your way to enable SSH on an iPhone, your logic is faulty.
  • DaviDTC, on 11/03/2009, -0/+7The people who are stupid enough to leave the default password are the ones who will pay him the 5 euros. Like the article says, he will most likely just tell them to restore the phone back to factory settings. It's not like he has a program would need to run to let them do this. Without sending the 5 euros you would still be able to restore back to factory settings.
  • JeffD, on 11/03/2009, -2/+9The description is a bit biased, hes not holding them "hostage" in any way. According to the article the linked webpage (which is now down) stated:

    "If you don't pay, it's fine by me"..."I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."

    So basically, he left the phones operational but send them a message from their own phone suggesting that they go to his website which sold instructions on how to secure your phone for 5 euros. Sounds like a good deal to me, and theres nothing stopping you (short of knowledge which is what hes selling) from securing it yourself by reloading the firmware and changing the default root password.
  • askantik, on 11/03/2009, -3/+9"It's user stupidity."

    Then not installing anti-spyware and anti-virus on Windows is user stupidity... so Mac users can stop saying Windows gets a lot of malware and instead blame it on stupid users.
  • DaviDTC, on 11/03/2009, -8/+14Apple is behind it!
  • gamepr0, on 11/03/2009, -0/+3but how did bipolar know DaviDTC's password then?
  • BabySinister, on 11/03/2009, -2/+5if you aint dutch,

    you aint much
  • zeroanimated, on 11/03/2009, -0/+3Cracking.....hacking is more along the lines of reverse engineering...
  • pyrates, on 11/03/2009, -1/+3Jailbreaking the iphone/ipod touch does not make it insecure. Adding the ssh daemon and not changing the root password makes it insecure. You have to add this manually afterward, it is never installed by default.
  • eljitto, on 11/03/2009, -1/+3I know this will get dugg down, but does this also effect ipod touches
  • BabySinister, on 11/03/2009, -0/+2just an fyi since i read this yesterday at a dutch site.

    the kid is 17 years old. he asked money for the instructions, but seized to do so once it hit the newsscene. he claims to have a couple dozen iphones cracked, not even 100.
  • unionaire, on 11/04/2009, -0/+2it's not even hacking. the so-called hacker didn't need to break anything to get in.
  • JohnnySoftware, on 11/12/2009, -0/+1Well, it doesn't happen to iPhone users unless they hack their own phone and install SSH on it.

    The ones who do will get robbed of private data, possibly become victims of identity theft or physical crimes, socked with huge phone bills, and possibly have to pay some fines when their phone gets out of line. Not all, but some will. They clearly do not understand what they are doing to their phone and that there is no point in doing it. It is all downside.
  • williethakid, on 11/03/2009, -1/+2Read: "Douche hacker..." lol'd
  • JohnnySoftware, on 11/12/2009, -0/+1Someone said the latest versions of jailbreak do install SSH by default. Assuming that is true, then it's a defacto back door and that makes jailbreak a Trojan. If it is not true, then jailbreak users are not so good at keeping straight what they did vs. what the default jailbreak program does. Either way, it does not inspire confidence.

    If they did an SLA and wrapped everything in legalize that users accepts blame/costs/penalties for all damages that arise from using software - well, guess there will be some sorry and stupid-feeling users. No one is going to convince a carrier or a judge that they didn't think that cell phone calls etc. are completely controlled by software in an iPhone.
  • JohnnySoftware, on 11/12/2009, -0/+1The jailbreak is the vulnerability, not the iPhone. Nice try at shilling for Microsoft, though.

    Gives me the opportunity to point out that the Windows Mobile has had viruses for years, one of which cross infects back and forth between it and Windows PCs via the removable media card thanks to the retarded autorun feature that only Microsoft puts in phones/computers.

    And it would be unfair if I didn't point out that with having under 300 apps in the Windows Mobile apps store and 2+ serious viruses in the wild blows a whole in the "I'm just disease-ridden because I'm popular" claim the size of a whale's mouth. Nobody has paid any attention to that excuse in years. Fact is, Microsoft collected a lot more revenue for selling more copies of their pricey OS so they should have spent more on security. Either way, the hacking is their fault and can't be explained by competition not taking enough market share.

    However, if you want to try... explains why when Firefox got from 0% to 25% markets share and IE market share dropped from 90% to below 60%, hackers did not let up on Windows. In fact, hackers started using IE flaws to install malware they use to rob checking accounts when users access their bank. Serious attack frequency and ways of robbing people/companies/churches/banks increased. IE lost more market share to Firefox and in response, hackers stole $40 million from American's bank accounts, reports the FBI!

    Explain why tens of millions of credit card numbers were stolen from card charge processor Horizon's MS-Windows computers when Horizon passed PCI industry certification for making MS-Windows as safe as it could be for handling information?

    Explain why Windows malware continues to rise FASTER than ever - it rose to 1,000 new malware per day. Pray tell why 8 our of 10 viruses still work against Windows 7. Windows market share has been dropping all year and continued to drop during Windows 7 debut.

    I don't see Mac worms spreading on the Internet. Only Mac Trojan reported in the news was only hitting software pirates who were passing around a stolen version of iWorks one of them hacked. Heck, civil and criminal penalties for that are $200,000 per incident. The Trojan is just one of their worries. People who trade pirated software have their own unique problems, and have for decades.

    Botnets? Only Mac one in the news is the one those iWorks pirates infected each other with.

    Windows botnets - can't even count them all and typical sizes are 10,000 to 50,000 MS-Windows PCs. Last famous Windows botnet in the news attacked our COUNTRY on the 4 of July, our nation's birthday! Pretty anti-patriotic for an American OS. That is like treasonware, or something. There is not even a category for it yet.

    Viruses? Windows for PCs and mobile phones installs them automatically from any removable media. Conficker? Sure, that's a Windows app. All you do is stick a USB memory stick in a PC and it infects itself and spreads it to all the other ones you insert in the future. Why? Windows autorun - it's "feature" Microsoft decided to include. Don't worry, no one else was crazy enough to put that in an operating system - it doesn't happen in Macs, Unix, or Linux.

    Thanks for stopping by and be sure to shill again. Especially, use those stock phrases from Microsoft's marketing department that show how out of touch they are with security and market share stats. I guess they stopped looking at the former when it got really high, and now they have stopped looking at market share when it started fall.
  • NeoTechni, on 11/03/2009, -0/+1Well, yes and no.

    He's doing it by connecting to known IPs provided by cellular carriers.

    jailbroken ipod touches also have SSH enabled but dont have that fixed IP for douchedutch to rely on
  • Awesomebox5000, on 11/03/2009, -4/+5Yeah dude, not changing the default password is as much the fault of Apple's as they are if you leave your front door wide open and get robbed. It doesn't matter what system you're talking about, you need some sort of locking mechanism or your ***** is gonna get jacked.
  • JohnnySoftware, on 11/12/2009, -0/+1It is unauthorized access so yeah sure it counts as access.

    Knowing the password does not count as legal authorization. Anyone old enough to be tried as an adult (18) knows this, even if they live with mommy and daddy. Remember, "mafia boy" got dragged off to jail at age 16, so even teens can land in hot water for hacking.

    Installing SSH in a phone and starting the service up to accept connections is insane.
    Taking advantage of it without the owners/users permission is a federal crime in US and probably many other countries.
  • nyxerebos, on 11/03/2009, -0/+1Hacking is the creative use, misuse or re-use of technology. It may be legal or not, but it's not the illegal part that makes it hacking, but whether it's skilled and creative. What this guy did does not strike me as either.
  • PhillAholic, on 11/04/2009, -0/+1In common usage, a hacker is a person who breaks into computers, usually by gaining access to administrative controls. - wikipedia.
  • seanof, on 11/03/2009, -1/+2He found a flaw in popular jail-breaking software. The trick was knowing that a lot, maybe most jail-broken, iPhone have this flaw and figuring out how to take advantage of it.
  • NeoTechni, on 11/03/2009, -1/+2"Dutch hacker holds jailbroken iPhones "hostage" for €5"

    You misspelled douche.
  • colincornaby, on 11/03/2009, -1/+2I don't know much about jailbreaking, but if jailbreaking automatically enables SSH with a publicly known root password... that is a problem.

    If not, then it's not the fault of jailbreaking.
  • NeoTechni, on 11/03/2009, -0/+1No
  • JohnnySoftware, on 11/12/2009, -0/+1I just feel sorry for the people who read in one of Microsoft's blogs in january that installing this jailBREAK on their COMPETITOR'S cell phone was something they HAD to do!

    There is an article out that says Apple pointed out in July the jailbroken phones could DDoS cell towers and other stuff.
    EFF requested a waiter on DMCA regulations to let people jailbreak iPhones legally.
    Not three months later the jailbroken iPhones are getting hacked, information is being stolen from them, and someone is "requesting" money from them telling them worse things can happen.

    Tells me EFF is no longer as technically swift or as much of a consumer advocate as I thought they were.
  • jon02129, on 11/04/2009, -1/+1You weren't really involved with the scene, then.
  • aristotle0dude, on 11/04/2009, -1/+1I released a theme for the iPod touch and created a few unlock screen wallpaper before the iPhone 3G was released in Canada. After I got my 3G, I lost interest in having a jailbroken device and I sold my iPod Touch to a colleague. With the arrival of the app store with 2.x and onward, most the the reasons for jailbreaking, other than themes, disappeared for me so I did not bother jailbreaking my iPhone 3G. I did eventually jailbreak it to sell it to someone on another carrier after doing a wipe on it first.
  • DeadFox1, on 11/03/2009, -2/+1well that's just a double whammy for you, isn't it
  • aristotle0dude, on 11/03/2009, -3/+2This is precisely why I have not jailbroken my iPhone 3GS. Yes, you can disable SSH whenever you don't need it and you can change the root password but who is to say that the jailbreaking hackers have not left some dormant nasty backdoors into iphones that you are not aware of? I had previously jailbroken my iPod Touch and I was involved in the theme/mod scene for a while but I am wary of the jailbreak software for this very reason.
  • Lowenfels, on 11/03/2009, -3/+1anyone else have the "there's an app for that" song stuck in their head nonstop? make it go away!
  • PhillAholic, on 11/03/2009, -4/+1to gain unauthorized access to something is Hacking.
  • sej7278, on 11/03/2009, -4/+1sounds like propaganda from apple/tmobile to frighten people from jailbraking their iphones.
  • ohreilly, on 11/03/2009, -8/+5But isn't it Apple's rubbish OS that lets you jailbreak it in the first place?

    If you couldn't jailbreak this problem wouldn't exist - therefore it is Apple's fault.
  • Awesomebox5000, on 11/03/2009, -4/+1That's a fine use of capitalism there. Informing lazy/dumb people on how to setup a password on their unsupported jailbroken iPhone for 5 Euros. If people send him money, more power to him, not hurting anybody. Same concept as Dell, HP, Apple, etc pre-assembling computers for people who are simply unaware that you can build a computer yourself that's better for the same or less total cost.

    EDIT: I am aware that many people are aware that they can build computers themselves for less money but chose to purchase a brand for any number of reasons.
  • mkriss5681, on 11/03/2009, -10/+6Granted people jailbreak at their own risk, shocking an Apple product gets a larger marketshare and now seems vulnerable to malware.

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.