Taking iPhone for Ransom, Then Asking for $7 for the Fix?

[Rob Williams]

From our front-page news:

If there's an interesting method of making some cash, someone is bound to figure out how to execute it to the best of their ability. Over the years, we've heard of stories where someone would code up a robust virus/trojan, release it, and then do horrible things to people's computers. The catch is that the data seemingly ruined by this malware isn't actually ruined, but can be recovered if the user wants to pay a ransom fee.

As horrible as that practice is, I can't help but laugh at it's ingenuity. Ten years ago, I would have never thought of data being held for ransom, as if it were a person, but it's rather common today. Someone in the Netherlands took a very similar route recently, but there's an interesting twist... he had no intention of damaging or ruining people's data, but rather demands cash for the solution on how they could secure themselves.

The product in question is none other than the iPhone, in a jailbroken status. Apparently, there's a security hole somewhere that can allow a cracker to get in and essentially take over the entire phone, including personal data. As you can see in the screenshot below, the words "hacked" are listed at the top. There's also a message that centers itself on the screen that states that the phone's security has been circumvented, and that this person has full access to all the files.

It's not all bad, because should the user want to regain their security, a URL is given. Although down now, the page requested $7 to be sent to a PayPal account, at which point this person would e-mail the victim to explain how to better secure their iPhone. Since this news broke, though, the person had a change of heart and decided to tell everyone how to fix their jailbroken iPhone with a few simple steps, which you can find here. Hopefully this event is one of the very few we'll see happen. With the insane popularity of mobile phones though, something tells me this is just the beginning.

Apparently, the hacker used port scanning to identify phones on the T-Mobile network in the Netherlands running SSH (Secure Shell network protocol), which is commonly used by jailbroken iPhones and allows a user to "log in via Terminal and run standard UNIX commands," according to Ars Technica. iPhone users who don't change the default root password after jailbreaking the device leave the phones vulnerable to attack, the site said.

Source: InSecurity Complex

[Psi*]

I do have mixed emotions about this. Jailbroken phones bought by the "stupid" thinking that they really have something should have to pay. Education has a cost and $7 is nothing ... you wonder *why* the $7, why not $10 or $100?? I live in the world of "IP" or intellectual property & shouldn't the information be worth the protection? After all, the hacker wasn't coming on strong arming people to disable the phone or else. What was being done does not sound illegal. perhaps a bit immoral, but even that I am not sure about. It is about "jailbroken" phones!

Well, this just justifies my own self argument against smart phones as I will look for the simple minded phones when this contract ends.

[MacMan]

The moral of the story - DON"T jailbreak your phone! Anyone stupid enough to jailbreak their phone is simply asking for potential security breaches, plain and simple, even though, it's fun and offers users some benefits, but they are hardly worth the risk.

[Rob Williams]

Quote:

Originally Posted by Psi*

Education has a cost and $7 is nothing ... you wonder *why* the $7, why not $10 or $100??

I kind of agree, but he might have been basing his price on what he figured people would pay. It's a modest price, and who's going to spend $100 to secure their $400 phone? That's kind of excessive. Plus, I am sure a law was broken, given he logged into people's phones and overwrote files.

Quote:

Originally Posted by MacMan

The moral of the story - DON"T jailbreak your phone!

Bingo, haha.