Posted on 11/04/2009 10:57:19 PM PST by Wooly
Yesterday, a "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your phone right now!" message popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and remove the message from appearing at startup.
Through a combination of port scanning and OS fingerprinting of T-Mobile's 3G IP range, a Dutch teenager has for the first time automatically exploited a known security vulnerability introduced on jailbroken iPhones - the SSH daemon which unless modified remains running with default users root and mobile, using the same password on each and every device.
Here's what he demanded, and how he changed his attitude following the suspension of his PayPal and the spamvertised URL:
The now taken offline site was featuring the following message:
Dear iPhone user,
Your iPhone is not secure. That's the reason your visiting this page, isn't it? Well you can pay me $4,95 at my paypal account PureInfinity92@mailinator.com, and I'll mail you very easy instructions on how to secure your iPhone. You can also contact me at PureInfinity92@gmail.com
If you don't pay, it's fine by me. But remember, the way I got access to your iPhone can be used by thousands of others. And they can send text messages from your number (like I did..), use it to call (or record your calls), and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advise to secure your phone (: Have a nice day!
(Excerpt) Read more at blogs.zdnet.com ...
Kid has a bright future in extortion.
Heh - another reason *not* to jailbreak your iPhone. :D
Sounds quite reasonable to me. Whether or not the kid gets any money from the idea, he is offering a product that will plug the hole, which is certainly worth five bucks.
It’s akin to breaking into a home and leaving an advertisement for burglar alarms.
To be more legit he would have had to either: not break in, but make his pitch without it. Or, a still questionable tactic - break in and give the fix for free.
I guess, but it seems to me that the folks that “jail broke” their iPhones did so in order to circumvent the end-user agreement they accepted when they purchased the phone.
As such, it can be argued that the kid’s action is the equivalent of tossing a note through a broken open window and offering a solution on how to repair the window.
But, what the heck. Smart kid. He’ll go far — if he stays out of jail. :-)
ping
I forgot about the jail breaking - which caused the security vulnerability to begin with. Good point.
That’s a violation of the purchaser’s agreement. If I didn’t kinda sympathize with “I bought it, I can do what I want,” I would be leaning towards: the kid’s showing honor among thieves.