‘Jailbroken’ Dutch iPhones Held for iRansom

An enterprising hacker this week sent an unsolicited and unremovable message to Dutch iPhone users, illustrating how their jailbroken devices were vulnerable to attacks and demanding a small fee in exchange for instructions to remove the hack.

“Your iPhone’s been hacked because it’s really insecure!” the message read. “Please visit doiop.com/iHacked and secure your phone right now!”

A known vulnerability for jailbroken iPhones allowed the hacker to scan for the phones running on the T-Mobile Netherlands network with an exposed SSH interface and gain access by entering the default password.

When surprised iPhone owners visited the site, they were directed to pay $4.95 to the hacker’s PayPal account if they wanted the step-by-step directions to secure their phones. They were instructed to change the default root SSH password that is used to tamper with the iPhones but users often forget to change when they jailbreak it.

Once word of the extortion started to spread online, the teen hacker’s PayPal account was suspended. He subsequently issued an apology (available here via translation service) and posted the instructions to remove the hack for free.

Apple officials were not immediately available for comment.

It’s unclear if or how many Dutch iPhone users actually paid the ransom to the hacker’s PayPal account before it was shuttered.

Since its first release, the iPhone has been hacked and reverse engineered by would-be entrepreneurs and adventurous users primarily for the purpose of connecting the device to wireless carriers other than the iPhone’s exclusive provider, AT&T.

News Around the Web