Apple's iPhone is rather popular for a few reasons, and one of those is 'jailbreaking'; that is, freeing your device from Apple's limitations and installing any software desired. However, it's not all good news, as a hacker has recently broken into some phones and demanded a ransom.The hacker broke into a few unwary Dutch iPhone users' phones, after they made the mistake of leaving their SSH password default, as initially discovered in this thread (in Dutch). According to Ars Technica, the hacker then sent SMS messages from the phones in question stating, "You iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked [link seems to have been taken down now] and secure your iPhone right now! Right now, I can access all your files." Of course, once you visit the aforementioned site, the hacker asks for a reward of €5 to be sent to a PayPal address in order for him to leave the victim alone. The hacker went on to state, "If you don't pay, it's fine by me, but remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."
This shows how careful you have to be when messing around with things such as this; a simple slip of the memory can lead to something far more sinister. Though the hacker seems to be pretty unfocused on removing or destroying data, others might not be so forgiving.
To clarify this issue a bit further, for your iPhone to be in any danger you'd have to meet the following criteria:
- Your device must have been jailbroken.
- The device must have an SSH application installed (OpenSSH, for example).
- SSH must be enabled for this to work, and the password left as default.
Image Credit: Gizmodo
That is NOT why Apple keeps its devices locked down.
Not their main reason perhaps, but it's one of the reasons. At least that's what Apple would have you believe.
wonder why this happens only on iPhone.
Cause its the most sort out after phone, the only phone thats hacked into over and over again just out of interest.
This might happen if Android comes out on a phone with similar status to the iPhone. Who knows, the Motorola Droid may be next
Just like the Windows hacking issues. When you have the majority, people are going to attack your platform. The same will happen to MacOS or Linux if it ever becomes mainstream.
Exactly what we've been saying to the Apple fanboys that say Mac is more secure.
sudo alt f4
Open terminal (if you don't have it installed, get it from Cydia, then launch it)
Type in SU, and when prompted enter 'alpine' without the quotes as the password
when the command prompt appears, type in 'passwd' again without the quotes, and press return. Type the new password in, press return then type it in again. Job done
And thanks to the poster for the heads up
Ahh, the much lauded shield of obscurity. Becoming a little weak lately though, isn't it
don't jailbreak yer iPhone and you won't have any problems.
People that think only the PC has problems when it comes to security are pretty wrong. I've seen phones hacked with specially sent sms's for years now.
If your to stupid to not change the root password... *ANY* default password, on install you deserve to get screwed.
Secure it properly? Apple advertises their products as the most secure...they dont get hacked or get viruses/malware. If you were a novice computer user and read this, wouldnt you feel all save and cozy thinking you were untouchable with your apple products?
They jailbreak it because apple lock it down so much.
But yet the Android phones that are rooted are not getting hacked...and android doesnt mind the rooted phones and encourages it.
Andriod phones aren't hacked YET, probably because nobody gives a f...
Andriod phones aren't hacked YET, probably because nobody gives a f...
Android is gaining popularity. There was a time when no one gave a F about Apple as well...but their arrogance is getting the better of them
Also this really sucks because of some of the above comments such as Apple using this story against the jailbroken community and other people freaking out about how jailbreaking their phone is dangerous when it really isnt
I also wouldn't really call this hacking either...this wouldn't be all that hard to do and I'm not a hacker or coder
This is just a really unlucky guy that left something open and someone took advantage of.
But yeah keep SSH off when your not using it.
This is just a really unlucky guy that left something open and someone took advantage of.
You wouldn't? What do you think hackers do, magic?
Who's "they"?
Apple & he's talking about the SSH password.Silly me, I didn't realize that OpenSSH was only with a Jailbreak.THIS DOES NOT AFFECT NORMAL USERS.
default
and is not needed anymore with programs like iFunbox
THIS DOES NOT AFFECT NORMAL USERS.
Captain Obvious? Is that you?
Apple's approach to securing the iPhone is hamfisted and inflexible - either all or nothing. Kind of like Catholic church approach to sex before marriage - no under any circumstance, period. And no condoms.
This inevitably forces some people to abandon the Apple confines, and inevitably get infected, because other than Apple's all-encompassing control, there are no other security measures.
Restricting freedom and centralizing control is a Bad Thing. WinMo is better in this regard.
Say what you will for Apple keeping their products locked down so this wont happen...you can ROOT a Android phone (which is like jail breaking) and Android hasnt been targeted yet. Also, Linux is open source as well and you dont see that getting nailed left and right either. Me thinks Apples arrogance and big headedness is getting the best of them...FINALLY!
Exactly. No amount of BMW engineering can thwart user stupidity.
Apparently you didn't get the memo. The software didn't get hacked, it's just that no one bothered to change the default password.
If Apple was smart, they would make the password a REQUIREMENT to change before the phone can be used.
Apple was owned with the jailbreak.
And now, the jailbreak was owned because the default password in the ssh.
So, indirectly Apple has been owned twice.
Apple software...Apple products...and as such, Apple's fault. Look at what Apple says about Microsoft. They basically said Windows is crap because of malware/viruses. How is MS supposed to prevent this?
The fact that Apple continues to allow jail breaking (yea, they dont approve of it but its still possible) and includes the SSH feature is their fault, period. They created a device that isnt secure and they dont want to admit it, as well as their loyal followers. Microsoft would be 100% secure if it wasnt for everyone else trying to do malicious things to their products. Same thing with Apple....
And Apple cannot require changing the root password? The ADMIN password? Seriously? They are supposed to be top of the line and they cannot require the default root password to be changed by default as a requirement? Please, they can do this without blinking an eye but they wont since they think their products are always perfect.
And look here....http://www.theregister.co.uk/2009/11/03/iphone_hack/
Seems to be SSH is installed by default but jailbreaking is needed to enable it. So yea, something Apple can prevent if they wanted to.
Last edited by techbeck on 03 Nov 2009 - 19:54
Two things have been made clear from this news post: Users are stupid, and a lot of people make up excuses to blindly hate Apple.
EDIT: And you're right, the service is there, but it is not accessible to users by any means until you jailbreak it, nor is there any interface for it before jail breaking, either.
Two things have been made clear from this news post: Users are stupid, and a lot of people make up excuses to blindly hate Apple.
But then again Apple goes and blames other companies for the same things....so its Apples fault...like other things are MS's fault
Two things have been made clear from this news post: Users are stupid, and a lot of people make up excuses to blindly hate Apple.
But then again Apple goes and blames other companies for the same things....so its Apples fault...like other things are MS's fault
If only all of life's problems could be solved so easily
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.