Dutch get their iPhones hacked because they left a default ssh password active

Do you want to know why I hesitate about jailbreaking my iPhone?  It’s because I don’t really trust third party developers to provide me with a secure application that doesn’t leave me wide open to port scanning attacks.  I’ve jailbroken twice and both times I left it behind once the newest patch from Apple came around.  Sure, there’s a host of cool things you can do, but I’d prefer that my phone works when I need it. I’d certainly prefer it if I wasn’t begging hackers to steal my information.

Unfortunately the Dutch are giving us a prime case in point this week, as a witty hacker (who I’d argue is a script kiddie) took advantage of people’s ignorance by port scanning the T-Mobile network for devices with SSH enabled, and then used the default root password that iSSH, pTerm, and TouchTerm SSH server applications have set by default.  He then exploited his access to the file system, displayed a push notification telling them their phone had been compromised, then demanded five Euros to fix it.  Sounds enterprising, but still illegal.

I laughed the first time I read this story, but then it got me thinking a little.  This is the exact thing Apple Inc. is talking about when they argue their point about a closed iPhone system and how opening up the device could be a potentially dangerous problem.

Stop giving the feed for the fodder.  If you’re not bright enough to know you need to change your default root password on your iPhone then you probably shouldn’t be jailbreaking.  I know that sounds harsh, but the simple fact remains: one insecurity on a network is an insecurity for all of us.  Think about it for a second: the guy had complete access to the filesystem, so he could have loaded whatever he wanted onto that phone, or stolen any data he wanted.

So here’s a PSA: change your passwords right now, on everything: your router, your phone, your computer, your modem, your email. If you leave default passwords enabled, you’re asking for trouble.

Thanks to Neil McGillivray for sending this in.

Via Ars Technica

Image Credit: foreverdigital

  • Dean

    The hacking was on jailbroken phones which had an SSH server enabled. iSSH, pterm and touchterm are clients and present no security risk to the iPhone.