Imagine hanging out somewhere, minding your own business, maybe checking email or texts on your iPhone, when suddenly this message pops up on screen:
If you have a pristine, fully sanctioned iPhone, you can breath easy. Those with jailbroken phones may want to pay attention to this, though: A Dutch hacker has figured out how to tunnel into jailbroken iPhones, via SSH, and remotely turn on the message, "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files."
Understandably, this shocked and unnerved some unsuspecting users in the Netherlands. But was it a random act of helpfulness by some magnanimous stranger? Not exactly. Once on, the alert didn’t go away until the user plunked down €5 via PayPal for instructions on how to remove the hack.
Luckily, the young man wasn’t a thief or data vandal, and no illicitly gotten info was pilfered. He was just a precocious opportunist looking to make some coin — or at least he was. His parents must’ve found out about his shenanigans, because he wound up posting the instructions for free, issuing an apology for this wacky scheme and returning the money. (Kind of like Mom marching you right back into the store to pay for that Snickers bar you pocketed, no?)
But how did he do this to begin with? Sometimes in the jailbreaking process, users forget to change the default root password on their iPhone. All he had to do was find such a handset in range. Scary stuff. Luckily, this guy wasn’t out to do damage. But the next guy might.
So consider this a PSA: If you’re going to break into that phone, don’t leave the backdoor open. Another hacker might follow you in.