Article by George Norman

On 05 Nov 2009

Jailbreaking the iPhone is a process that allows the user to bypass Apple’s official distribution mechanism and run unofficial code on the device. In layman’s terms, you can run applications that Apple does not officially support. It is something that Apple does not want you to do. Back this summer for example, the Cupertino-based software developer went beyond its regular “don’t jailbreak the iPhone because its copyright infringement” claims – it went as far as to say that jailbreaking is desirable to drug dealers.

“Each iPhone contains a unique Exclusive Chip Identification (ECID) number that identifies the phone to the cell tower. […]via jailbreaking, hackers may be able to change the ECID, which in turn can enable phone calls to be made anonymously (this would be desirable to drug dealers, for example) or charges for the calls to be avoided,” explained Apple back in July, in a regular review of the U.S. Digital Millennium Copyright Act (DMCA).


Besides Apple's strong desire to see users not jailbreak the iPhone, there is one more reason why one should avoid jailbreaking the device: security. According to Principal Analyst with Independent Security Evaluators, Charlie Miller, jailbroken devices are more vulnerable to security threats than not jailbroken iPhones. This is something we’ve known about since, well, this summer; but it is only now that Charlie Miller’s warnings came true.

In the Netherlands, some jailbroken devices were broken into by an unknown hacker. The hacker then sent the owners of said hacked iPhones a message asking for a ransom. Nothing like “give me money or I’ll hack the sh*t out of your iPhone” but something like “would you pay to find out how I did it?” Here is the exact content of the message the hacker sent:

“Important Warning
Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now!
Right now, I can access all your files. This message won’t disappear until your iPhone’s secure."

The web address has now been taken down. But before it was removed, it asked the victims to send 5€ (about $7) to a PayPal account - an email would be sent informing them how their iPhone was hacked and how to secure the iPhone. And to push the victims into paying, this message used to be posted:

“If you don't pay, it's fine by me. But remember, the way I got access to your iPhone can be used by thousands of others--they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone.”

The technique the hacker used to break into those iPhones is a fairly simple one. The hacker used port scanning to identify jailbroken iPhones with SSH (Secure Shell network protocol) running on the T-mobile Netherlands network; then the hacker changed the iPhone’s wallpaper to the image presented below. To protect themselves from such events, iPhone users must change the default root password after jailbreaking the device. Or they can simply remove the SSH daemon when it is not in use.

This story comes to a happy ending. It seems that the hacker in question repented and (reportedly) returned all the money received via the PayPal account. Detailed instructions on how to secure jailbroken iPhones from this type of hacking attack have been posted online here.





Tags: Apple, iPhone, Jailbreak, Hacker, Ransom

I Hope you LIKE this blog post! Thank you!

What do YOU have to say about this

Popular News

1.

2.

3.

4.

5.

6.

7.

8.

9.

10.

11.

12.

13.

14.

15.

16.

17.

18.

19.

20.

21.

22.

23.

24.

25.

26.

27.

28.

29.

30.