Yesterday, a “Your iPhone’s been hacked because it’s really insecure!
Please visit doiop.com/iHacked and secure your phone right now!” message
popped up on the screens of a large number of automatically exploited
Dutch iPhone users, demanding $4.95 for instructions on how to secure
their iPhones and remove the message from appearing at startup.

Through a combination of port scanning and OS fingerprinting of
T-Mobile’s 3G IP range, a Dutch teenager has for the first time
automatically exploited a known security vulnerability introduced on
jailbroken iPhones - the SSH daemon which unless modified remains
running with default users root and mobile, using the same password on
each and every device.

Here’s what he demanded, and how he changed his attitude following the
suspension of his PayPal and the spamvertised URL:

The now taken offline site was featuring the following message:

“Dear iPhone user,

Your iPhone is not secure. That’s the reason your visiting this
page, isn’t it? Well you can pay me $4,95 at my paypal account
PureInfinity92@mailinator.com, and I’ll mail you very easy instructions
on how to secure your iPhone. You can also contact me at
PureInfinity92@gmail.com

If you don’t pay, it’s fine by me. But remember, the way I got
access to your iPhone can be used by thousands of others. And they can
send text messages from your number (like I did..), use it to call (or
record your calls), and actually whatever they want, even use it for
their hacking activities! I can assure you, I have no intention of
harming you or whatever, but, some hackers do! It’s just my advise to
secure your phone (: Have a nice day!”

Following the media coverage, active discussions across popular Dutch IT
forums, and the timely shut down of his PayPal account, the
opportunistic and unethical pen-tester quickly changed his attitude and
posted an apology followed by step-by-step guide on changing the default
SSH password, which he was originally offering for a fee.

Why is this automatic exploitation not a surprise?

* Go through related posts: iBotnet: Researchers find signs of
zombie Macs; iPhone’s anti-phishing protection offers inconsistent
results; Snow Leopard’s malware protection only scans for two Trojans;
New Mac OS X DNS changer spreads through social engineering

The exploitability of the default SSH root login combined with the ease
of OS fingerprinting an iPhone’s, and the descriptive and well known 3G
IP ranges for certain service providers, has already been discussed as
an opportunity for automatically exploiting jailbroken iPhones running
the SSH daemon with default passwords.
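
An added example, not part of the original post or the article it quotes: a check of whether an OpenSSH sshd_config still lets the two default accounts named above, root and mobile, log in with a password at all. The function names and sample configs are constructed for illustration, and it assumes an older OpenSSH build in which PermitRootLogin defaults to "yes".

```python
import re
from fnmatch import fnmatchcase

# Values sshd falls back to when a keyword is absent. Assumption: an older
# OpenSSH build, where PermitRootLogin defaults to "yes".
DEFAULTS = {"permitrootlogin": "yes", "passwordauthentication": "yes"}
LIST_KEYS = ("allowusers", "denyusers")  # these accumulate across lines

def effective_settings(config_text):
    """Global settings; for single-valued keywords the first occurrence wins."""
    seen = {key: [] for key in LIST_KEYS}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"[\s=]+", line, maxsplit=1)
        key = fields[0].lower()
        args = fields[1].split() if len(fields) > 1 else []
        if key == "match":  # conditional blocks are not evaluated here
            break
        if key in LIST_KEYS:
            seen[key].extend(args)
        elif key not in seen and args:
            seen[key] = args[0].lower()
    return {**DEFAULTS, **seen}

def password_exposed(config_text, accounts=("root", "mobile")):
    """Accounts this config lets log in over SSH with a password.
    Covers PasswordAuthentication only, not keyboard-interactive logins."""
    cfg = effective_settings(config_text)
    if cfg["passwordauthentication"] != "yes":
        return []
    # Audit-side reading of USER@HOST patterns: a host-limited deny is
    # ignored, a host-limited allow counts as allowing the user.
    deny = [p for p in cfg["denyusers"] if "@" not in p]
    allow = [p.split("@", 1)[0] for p in cfg["allowusers"]]
    exposed = []
    for user in accounts:
        if user == "root" and cfg["permitrootlogin"] != "yes":
            continue
        if any(fnmatchcase(user, p) for p in deny):
            continue
        if allow and not any(fnmatchcase(user, p) for p in allow):
            continue
        exposed.append(user)
    return exposed

# Constructed sample configs (not taken from any device).
STOCK = "Port 22\n#PermitRootLogin yes\n#PasswordAuthentication yes\n"
ROOT_ONLY_FIX = "PermitRootLogin no\n"
APPENDED_FIX = "PasswordAuthentication yes\nPasswordAuthentication no\n"
```

ROOT_ONLY_FIX still leaves mobile reachable, and APPENDED_FIX changes nothing because sshd uses the first value it reads for a keyword.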

In article <nMGdnYwwFNrpQWzXnZ2dnUVZ_jJi4p2d@speakeasy.net> , News
<News@Group.Name> wrote:
> Through a combination of port scanning and OS fingerprinting of
> T-Mobile’s 3G IP range, a Dutch teenager has for the first time
> automatically exploited a known security vulnerability introduced on
> jailbroken iPhones - the SSH daemon which unless modified remains
> running with default users root and mobile, using the same password on
> each and every device.
it's only there if the user jailbreaks, installs ssh and leaves it
running.

In message <041120091508018998%nospam@nospam.invalid> nospam
<nospam@nospam.invalid> was claimed to have wrote:
>In article <nMGdnYwwFNrpQWzXnZ2dnUVZ_jJi4p2d@speakeasy.net> , News
><News@Group.Name> wrote:
>
>> Through a combination of port scanning and OS fingerprinting of
>> T-Mobile’s 3G IP range, a Dutch teenager has for the first time
>> automatically exploited a known security vulnerability introduced on
>> jailbroken iPhones - the SSH daemon which unless modified remains
>> running with default users root and mobile, using the same password on
>> each and every device.
>
>it's only there if the user jailbreaks, installs ssh and leaves it
>running.
AND fails to set a password.
Imagine that, SSH left with unprotected root access on a default port
causes devices to get compromised!
In other news, a bank vault was cleaned out by thieves today, the bank
reports that they have no idea how it happened, but they intend to have
a lock installed on the vault's door immediately.

News <News@Group.Name> wrote in
news:nMGdnYwwFNrpQWzXnZ2dnUVZ_jJi4p2d@speakeasy.net:
> If you don't pay, it's fine by me. But remember, the way I got
> access to your iPhone can be used by thousands of others. And they can
> send text messages from your number (like I did..), use it to call (or
> record your calls), and actually whatever they want, even use it for
> their hacking activities! I can assure you, I have no intention of
> harming you or whatever, but, some hackers do! It's just my advise to
> secure your phone (: Have a nice day!"
>
>
This is all nonsense. Everyone, well, all the fanbois, know iPhone is
perfect in every way and can't get a virus or trojan at all, just like all
of Apple's products. It's immune! Only Micro$oft and Linux devices can
get attacked.
Just ignore this message and put your little blonde heads back in the
Koolaid. It's a fake! It must be! iPhones are perfect!

On 2009-11-05 21:25:33 -0500, Larry <noone@home.com> said:
> News <News@Group.Name> wrote in
> news:nMGdnYwwFNrpQWzXnZ2dnUVZ_jJi4p2d@speakeasy.net:
>
>> If you don't pay, it's fine by me. But remember, the way I got
>> access to your iPhone can be used by thousands of others. And they can
>> send text messages from your number (like I did..), use it to call (or
>> record your calls), and actually whatever they want, even use it for
>> their hacking activities! I can assure you, I have no intention of
>> harming you or whatever, but, some hackers do! It's just my advise to
>> secure your phone (: Have a nice day!"
>>
>>
>
> This is all nonsense. Everyone, well, all the fanbois, know iPhone is
> perfect in every way and can't get a virus or trojan at all, just like all
> of Apple's products. It's immune! Only Micro$oft and Linux devices can
> get attacked.
>
> Just ignore this message and put your little blonde heads back in the
> Koolaid. It's a fake! It must be! iPhones are perfect!
>
> right?
Exactly. Those who thought the iPhone perfect, didn't jailbreak them,
so were not affected.

On 11/5/09 8:25 PM, in article Xns9CBAD9F652BBAnoonehomecom@74.209.131.13,
"Larry" <noone@home.com> wrote:
> News <News@Group.Name> wrote in
> news:nMGdnYwwFNrpQWzXnZ2dnUVZ_jJi4p2d@speakeasy.net:
>
>> If you don't pay, it's fine by me. But remember, the way I got
>> access to your iPhone can be used by thousands of others. And they can
>> send text messages from your number (like I did..), use it to call (or
>> record your calls), and actually whatever they want, even use it for
>> their hacking activities! I can assure you, I have no intention of
>> harming you or whatever, but, some hackers do! It's just my advise to
>> secure your phone (: Have a nice day!"
>>
>>
>
> This is all nonsense. Everyone, well, all the fanbois, know iPhone is
> perfect in every way and can't get a virus or trojan at all, just like all
> of Apple's products. It's immune! Only Micro$oft and Linux devices can
> get attacked.
>
You DID get your flu shots, did you not?!?

George Kerby <ghost_topper@hotmail.com> wrote in
news:C71990DB.37EE2%ghost_topper@hotmail.com:
>
>
>
> On 11/5/09 8:25 PM, in article
> Xns9CBAD9F652BBAnoonehomecom@74.209.131.13, "Larry" <noone@home.com>
> wrote:
>
>> News <News@Group.Name> wrote in
>> news:nMGdnYwwFNrpQWzXnZ2dnUVZ_jJi4p2d@speakeasy.net:
>>
>>> If you don't pay, it's fine by me. But remember, the way I got
>>> access to your iPhone can be used by thousands of others. And they
>>> can send text messages from your number (like I did..), use it to
>>> call (or record your calls), and actually whatever they want, even
>>> use it for their hacking activities! I can assure you, I have no
>>> intention of harming you or whatever, but, some hackers do! It's
>>> just my advise to secure your phone (: Have a nice day!"
>>>
>>>
>>
>> This is all nonsense. Everyone, well, all the fanbois, know iPhone
>> is perfect in every way and can't get a virus or trojan at all, just
>> like all of Apple's products. It's immune! Only Micro$oft and Linux
>> devices can get attacked.
>>
> You DID get your flu shots, did you not?!?
>
>
Sorry, I don't "do" doctors. Haven't paid one in over 42 years!

On 11/6/09 9:30 AM, in article Xns9CBB6AF08BE30noonehomecom@74.209.131.13,
"Larry" <noone@home.com> wrote:
> George Kerby <ghost_topper@hotmail.com> wrote in
> news:C71990DB.37EE2%ghost_topper@hotmail.com:
>
>>
>>
>>
>> On 11/5/09 8:25 PM, in article
>> Xns9CBAD9F652BBAnoonehomecom@74.209.131.13, "Larry" <noone@home.com>
>> wrote:
>>
>>> News <News@Group.Name> wrote in
>>> news:nMGdnYwwFNrpQWzXnZ2dnUVZ_jJi4p2d@speakeasy.net:
>>>
>>>> If you don't pay, it's fine by me. But remember, the way I got
>>>> access to your iPhone can be used by thousands of others. And they
>>>> can send text messages from your number (like I did..), use it to
>>>> call (or record your calls), and actually whatever they want, even
>>>> use it for their hacking activities! I can assure you, I have no
>>>> intention of harming you or whatever, but, some hackers do! It's
>>>> just my advise to secure your phone (: Have a nice day!"
>>>>
>>>>
>>>
>>> This is all nonsense. Everyone, well, all the fanbois, know iPhone
>>> is perfect in every way and can't get a virus or trojan at all, just
>>> like all of Apple's products. It's immune! Only Micro$oft and Linux
>>> devices can get attacked.
>>>
>> You DID get your flu shots, did you not?!?
>>
>>
>
> Sorry, I don't "do" doctors. Haven't paid one in over 42 years!
>
But, the question is:
What do you pay the waitresses at the Waffle House to "do" them?

George Kerby wrote:
>
>
> On 11/6/09 9:30 AM, in article Xns9CBB6AF08BE30noonehomecom@74.209.131.13,
> "Larry" <noone@home.com> wrote:
>
>> George Kerby <ghost_topper@hotmail.com> wrote in
>> news:C71990DB.37EE2%ghost_topper@hotmail.com:
>>
>>>
>>>
>>> On 11/5/09 8:25 PM, in article
>>> Xns9CBAD9F652BBAnoonehomecom@74.209.131.13, "Larry" <noone@home.com>
>>> wrote:
>>>
>>>> News <News@Group.Name> wrote in
>>>> news:nMGdnYwwFNrpQWzXnZ2dnUVZ_jJi4p2d@speakeasy.net:
>>>>
>>>>> If you don't pay, it's fine by me. But remember, the way I got
>>>>> access to your iPhone can be used by thousands of others. And they
>>>>> can send text messages from your number (like I did..), use it to
>>>>> call (or record your calls), and actually whatever they want, even
>>>>> use it for their hacking activities! I can assure you, I have no
>>>>> intention of harming you or whatever, but, some hackers do! It's
>>>>> just my advise to secure your phone (: Have a nice day!"
>>>>>
>>>>>
>>>> This is all nonsense. Everyone, well, all the fanbois, know iPhone
>>>> is perfect in every way and can't get a virus or trojan at all, just
>>>> like all of Apple's products. It's immune! Only Micro$oft and Linux
>>>> devices can get attacked.
>>>>
>>> You DID get your flu shots, did you not?!?
>>>
>>>
>> Sorry, I don't "do" doctors. Haven't paid one in over 42 years!
>>
> But, the question is:
>
> What do you pay the waitresses at the Waffle House to "do" them?
>
....and to complete his thought, can George watch?

Are you Dutch? (was Re: jailbroken iPhones compromised, $5 ransom demanded)
News <News@Group.Name> wrote:
> Yesterday, a "Your iPhone's been hacked because it's really
> insecure! Please visit doiop.com/iHacked and secure your phone
> right now!" message popped up on the screens of a large number
> of automatically exploited Dutch iPhone users, demanding $4.95
> for instructions on how to secure their iPhones and remove the
> message from appearing at startup.
No such message has appeared on my jailbroken iPhone.
>
> Through a combination of port scanning and OS fingerprinting of
> T-Mobile's 3G IP range, a Dutch teenager has for the first time
> automatically exploited a known security vulnerability introduced on
> jailbroken iPhones - the SSH daemon which unless modified remains
> running with default users root and mobile, using the same password on
> each and every device.
>
> Here's what he demanded, and how he changed his attitude following the
> suspension of his PayPal and the spamvertised URL:
>
> The now taken offline site was featuring the following message:
>
> "Dear iPhone user,
>
> Your iPhone is not secure. That's the reason your visiting this
> page, isn't it? Well you can pay me $4,95 at my paypal account
> PureInfinity92@mailinator.com, and I'll mail you very easy instructions
> on how to secure your iPhone. You can also contact me at
> PureInfinity92@gmail.com
>
> If you don't pay, it's fine by me. But remember, the way I got
> access to your iPhone can be used by thousands of others. And they can
> send text messages from your number (like I did..), use it to call (or
> record your calls), and actually whatever they want, even use it for
> their hacking activities! I can assure you, I have no intention of
> harming you or whatever, but, some hackers do! It's just my advise to
> secure your phone (: Have a nice day!"
>
> Following the media coverage, active discussions across popular Dutch IT
> forums, and the timely shut down of his PayPal account, the
> opportunistic and unethical pen-tester quickly changed his attitude and
> posted an apology followed by step-by-step guide on changing the default
> SSH password, which he was originally offering for a fee.
>
> Why is this automatic exploitation not a surprise?
>
> * Go through related posts: iBotnet: Researchers find signs of
> zombie Macs; iPhone's anti-phishing protection offers inconsistent
> results; Snow Leopard's malware protection only scans for two Trojans;
> New Mac OS X DNS changer spreads through social engineering
>
> The exploitability of the default SSH root login combined with the ease
> of OS fingerprinting an iPhone's, and the descriptive and well known 3G
> IP ranges for certain service providers, has already been discussed as
> an opportunity for automatically exploiting jailbroken iPhones running
> the SSH daemon with default passwords.
>
>
>
> http://blogs.zdnet.com/security/?p=4805&tag=nl.e550
>
>
--
> NNTP-Posting-Date: Wed, 04 Nov 2009 13:56:36 -0600
> Date: Wed, 04 Nov 2009 14:56:38 -0500
> From: News <News@Group.Name>
> Organization: <undiscernible>
> User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
> MIME-Version: 1.0
> Newsgroups: alt.cellular.attws,alt.cellular.cingular,misc.phone.mobile.iphone
> Subject: jailbroken iPhones compromised, $5 ransom demanded
> Content-Type: text/plain; charset=windows-1252; format=flowed
> Content-Transfer-Encoding: 8bit
> Message-ID: <nMGdnYwwFNrpQWzXnZ2dnUVZ_jJi4p2d@speakeasy.net>
> Lines: 56
> X-Usenet-Provider: http://www.giganews.com
> NNTP-Posting-Host: 216.254.112.65
>
> George Kerby wrote:
>>
>>
>> On 11/6/09 9:30 AM, in article Xns9CBB6AF08BE30noonehomecom@74.209.131.13,
>> "Larry" <noone@home.com> wrote:
>>
>>> George Kerby <ghost_topper@hotmail.com> wrote in
>>> news:C71990DB.37EE2%ghost_topper@hotmail.com:
>>>
>>>>
>>>>
>>>> On 11/5/09 8:25 PM, in article
>>>> Xns9CBAD9F652BBAnoonehomecom@74.209.131.13, "Larry" <noone@home.com>
>>>> wrote:
>>>>
>>>>> News <News@Group.Name> wrote in
>>>>> news:nMGdnYwwFNrpQWzXnZ2dnUVZ_jJi4p2d@speakeasy.net:
>>>>>
>>>>>> If you don't pay, it's fine by me. But remember, the way I got
>>>>>> access to your iPhone can be used by thousands of others. And they
>>>>>> can send text messages from your number (like I did..), use it to
>>>>>> call (or record your calls), and actually whatever they want, even
>>>>>> use it for their hacking activities! I can assure you, I have no
>>>>>> intention of harming you or whatever, but, some hackers do! It's
>>>>>> just my advise to secure your phone (: Have a nice day!"
>>>>>>
>>>>>>
>>>>> This is all nonsense. Everyone, well, all the fanbois, know iPhone
>>>>> is perfect in every way and can't get a virus or trojan at all, just
>>>>> like all of Apple's products. It's immune! Only Micro$oft and Linux
>>>>> devices can get attacked.
>>>>>
>>>> You DID get your flu shots, did you not?!?
>>>>
>>>>
>>> Sorry, I don't "do" doctors. Haven't paid one in over 42 years!
>>>
>> But, the question is:
>>
>> What do you pay the waitresses at the Waffle House to "do" them?
>>
>
>
> ...and to complete his thought, can George watch?
>
And the Prodigal Son come to the aid of daddy...