Jailbroken iPhones hacked via UMTS network
Last weekend, Dutch forums such as tweakers.net were visited by many iPhone users looking for help after their devices had very obviously been hacked. Their iPhone screens displayed an "Important Warning" informing them they had been hacked. A teenager appeared to be behind the hack, initially charging 5 euros for instructions on how to clean and then protect the affected iPhones.
It turned out the hacker exploited a security problem that has been known for a long time and which only affects jailbroken iPhones. The two user accounts root and mobile have identical passwords on all iPhones. This is of no consequence on the closed iPhone platform, as there is no way of accessing the accounts. However, once the SSH server is installed on a jailbroken iPhone, anyone can initially access the device remotely with administrator-level privileges, because these passwords are still unchanged.
The hacker did exactly that and then copied modified background pictures and other files to the open systems via the net. To locate open jailbroken phones, he used the nmap network scanner's ability to uniquely identify the Apple smartphones remotely via their open TCP port 62078 (tcpwrapped). As the UMTS networks' IP address ranges are also available, it appears he found plenty of victims this way, but no actual figures have been released so far.
The workaround is just as simple: users need only log in to their own iPhones – via ssh or a terminal app – and reset the passwords for both accounts. However, many users either don't bother with this, or they forget to do it again after, for example, a firmware upgrade has restored the original passwords.
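The failure mode described above (only one account changed, or a firmware upgrade silently restoring the originals) can be checked on the device itself. The following is an added example, not part of the original article: it assumes the password hashes are stored in a BSD-style master.passwd file, and the function names, file names and hash values are constructed placeholders.

```shell
#!/bin/sh
# Added example: report which of the accounts named in the article (root, mobile)
# still carry the password hash recorded in a baseline file.
# Assumption: both files use the BSD master.passwd layout, colon-separated,
# with the account name in field 1 and the password hash in field 2.

# unchanged_accounts BASELINE CURRENT
# Prints one account name per line for every watched account whose hash in
# CURRENT equals its hash in BASELINE, or whose hash field is empty.
unchanged_accounts() {
    awk -F: '
        /^#/ || NF < 2 { next }                 # skip comments and malformed lines
        $1 != "root" && $1 != "mobile" { next } # only the two accounts at issue
        FNR == NR { base[$1] = $2; next }       # first file: remember baseline hash
        $2 == "" || ($1 in base && $2 == base[$1]) { print $1 }
    ' "$1" "$2"
}

# Constructed sample data with placeholder hashes: a baseline saved right
# after a restore, and three later states of the same device.
write_samples() {
cat > "$1/baseline" <<'EOF'
# constructed sample, placeholder hashes
root:HASH_FACTORY_R:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:HASH_FACTORY_M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
cat > "$1/partial" <<'EOF'
root:HASH_NEW_R:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:HASH_FACTORY_M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
cat > "$1/fixed" <<'EOF'
root:HASH_NEW_R:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:HASH_NEW_M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
cat > "$1/upgraded" <<'EOF'
root:HASH_FACTORY_R:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:HASH_FACTORY_M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
}

dir=$(mktemp -d) && write_samples "$dir"
for state in partial fixed upgraded; do
    printf '%s: %s\n' "$state" "$(unchanged_accounts "$dir/baseline" "$dir/$state" | tr '\n' ' ')"
done
rm -rf "$dir"
```

On a real device the baseline would be a copy of the password file saved before the first password change, and the check would be repeated after every firmware upgrade; the baseline contains password hashes and should be readable by root only.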
Users were initially instructed to send 5 euros to a PayPal account in exchange for this simple tip and instructions on how to clean their iPhones. Confronted with the ensuing outrage, the hacker changed tack and released free instructions for cleaning the iPhones as well as an apology.
The case is of particular interest because this is the first time that iPhone security issues have been exploited automatically via their mobile internet connections. Even if this hack only affected jailbroken phones, it demonstrates that warnings about increasing risk levels for, and posed by, smartphones do have substance.