Hacked iPhones held hostage for 5 Euros

Graham Cluley
Graham Cluley
@[email protected]

The importance of properly securing mobile devices has been underlined once again, after a Dutch hacker broke into jailbroken Apple iPhones and displayed a message demanding a 5 Euro ransom be paid.

According to media reports, the hacker used port scanning to identify jailbroken iPhones with SSH running on the T-mobile Netherlands network.

In this instance, the hacker changed the wallpaper on compromised iPhones so they displayed the following message:

Hacked iPhone

Sign up to our free newsletter.
Security news, advice, and tips.

Important Warning

Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and dsecure your iPhone right now!

Right now, I can access all your files.. This message won't disappear until your iPhone's secure

A further message demanded that 5 Euros be paid to the hacker’s PayPal account in order to receive instructions on how to remove the backdoor.

Many iPhone owners have jailbroken their devices to allow it to run unofficial code, avoiding Apple’s official App Store. However, some users forget to change the default root password on their device (which is common to all iPhones) – opening a door for potential intruders.

Visiting the page linked to from the message displayed the following message:

If you don't pay, it's fine by me, but remember, the way I got access to your iPhone can be used by thousands of others-they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone.

[polldaddy poll=2228830]

Some have suggested online that the hacker intended no malice in breaking into the iPhones and displaying the messages. but let’s not beat around the bush about this. Unauthorised access and unauthorised modification of data is an offence in many countries around the world.

Just because an individual has poorly protected their computer or mobile phone does not give anybody the right to break in without permission and essentially blackmail them into paying up for a fix.

The one piece of good news is that the Dutch hacker has now taken down his PayPal link, reportedly returned the money he earned and published free instructions on how to remove the backdoor.

Don’t forget – if you’re dead set on fiddling around with the internal workings of your iPhone that you’re not compromising security at the same time.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.