Hacker Hijacks iPhones, Asks For Ransom While Exposing Security Vulnerability

What happens, when you don’t know what you’re dealing with or you just don’t listen? Well, let me paint you a pretty picture…

Despite all the charts, there’s a significant number of jailbroken iDevices in the world. There are thousands of iPhone sites and blogs on this magnificent www that do the same damn thing: they review apps.On the other hand, we ( we’re not alone ) are dedicating our precious site to help you people staying trouble-free ( among providing you super duper cool things like this new weather lockscreen theme ). What happens, when you don’t know what you’re dealing with or you just don’t listen? Well, let me paint you a pretty picture:

Gizmodo reports, a really funny story about a dutch hacker who is hijacking iPhones from all over the Netherlands and asks for a ransom of 5 euros.  How could he do that? It’s simple, once you install OpenSSH and you turn it on,  its really easy to hack into the device remotely, because every single device in this world has the same root password: alpine.

Apparently all that it took to terrify many Dutch iPhone users was a “trivial” port scanning technique and “a modicum of networking know-how.”

After the hacker gained access to the jailbroken phones with unchanged root passwords and SSH enabled, he sent the pictured message which led to a demand for a €5 PayPal payment and words of caution.

jailbroken_iphone_hacked_intro

This is not a serious threat on  iPhone users, but because of an “insignificant detail” like this, all sorts of things could happen. Fortunately, this dude ( the hacker ) posted for free how to remove his exploit:

  1. Get an SSH program like putty for windows.
  2. SSH to your iPhone. (If you haven’t done that before it may take a while, and after that there might come a warning about a key fingerprint. You can just accept that). Login using username “root” and password “alpine”. (this is the default password)
  3. There’s a few commands you have to execute, best is to just copy them:
  • rm /System/Library/LaunchDaemons/com.apple.syslog.plist
  • chown mobile /private/var/mobile/Library/LockBackground.jpg
  • chmod 666 /private/var/mobile/Library/LockBackground.jpg
  • mv /private/var/mobile/Documents/LockBackground.backup.jpg /private/var/mobile/Library/LockBackground.jpg

Now, what you need to do, to prevent this from happening is to change your default password. Again, every single iDevice in the world has the same root password: alpine. CHANGE IT!!! Read here how to do it