Exposes security vulnerability

A hacker in the Netherlands has attempted to extort several iPhone owners, reports say. The hacker is believed to have used port scanning to identify T-Mobile-branded phones running SSH, commonly used in jailbreaking techniques. Because many people do not change the default root password on jailbroken devices, the hacker was able to take control of iPhones, and send custom text messages warning them to visit a website in order to resecure their firmware.

Once at the website, doiop.com/iHacked, victims were asked to send €5 to a PayPal account in exchange for instructions on closing the vulnerability. "If you don't pay, it's fine by me," the hacker claims. "But remember, the way I got access to your iPhone can be used by thousands of others -- they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."

Apple has taken a strict stance against jailbreaking, going as far as to call it illegal under the DMCA. New firmware updates from the company regularly disrupt jailbreaking tools. While critics have charged that Apple is locking down devices for its own profit, the company has defended itself by pointing to the increased security risks posed by allowing easy access.

by MacNN Staff