Dutch hacker seeks out jailbroken iPhones for fame and fortune
Jailbreaking an iPhone certainly brings many benefits, but it's also fraught with some peril, as amply demonstrated by a Dutch hacker who decided to go snooping around for vulnerable jailbroken iPhones in the Netherlands. While he apparently didn't actually swipe personal information or cause any damage, he was able to find some jailbroken iPhones with SSH running, which allowed him to display a message saying "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now!" A noble gesture of a white hat hacker? Not exactly, 'cause that site demands €5 for the "fix" to let folks go back to using their phone securely -- or it did until the hacker apparently had a change of heart and posted the instructions for free, along with an apology for his misguided moneymaking scheme.

What a douche.
Hmm, didn't notice the last line.
"...or it did until the hacker apparently had a change of heart and posted the instructions for free, along with an apology for his misguided moneymaking scheme."
/nvm
I beg to differ. He didn't have a change of heart. Somebody has just informed him that it's illegal to hack into other people's phones and then charge people money to undo the "magic". Even more so that by providing his website he was easily trackable.
I sooner think someone found his home address and that convinced him it might be better to play nice and not have his face re-arranged?
I don't see what's wrong with this, BitDefender, Kaspersky, Webroot... do this on a daily basis. Oh wait, he shouldn't have been so open about his scheme.
No they don't activate an exploit to advertise themselves, there are sites that do it though, but those are scam sites collecting people's CC data.
The problem with his scheme was he targeted jailbreakers. He could have easily faced retaliation.
@Aaron,
The jailbreakers that would be intelligent enough to retaliate, wouldn't have left SSH running in the first place.
So from what everyone is saying.. the guy kinda sounds like a douche.
@Aaron via @silenceikillyou
Or they would have been smart enough to change the root and mobile passwords.
Every jailbreaker with half a brain has known about this "security hole" since 1.0. Quick Google turns up this post from 2007 (http://www.ipodtouchfans.com/forums/showthread.php?t=2166).
So this guy isn't saying anything new. He's just a douche.
Even hackers need money.
Hey I don't have a problem with charging money for services, but he's an ass for spamming it out to people like that
@JohnTitor -
So if I understand your statement correctly, you are upset that someone (aka millions of people) circumvented Apple's software illegally creating a security hole when they hacked/unlocked their phone and then someone else performed an illegal act to:
a. Inform them that they are exposed
b. offered them a fix they might have not known they had
c. ask for a small compensation for his time/effort
Now don't get me wrong, I think it is stupid that hacking/unlocking your phone is illegal but there are consequences for every action you take. You and only you are responsible. (Unless you live in the US, then the successful 'evil people' end up picking up the slack for all the constant screw ups...but that is a different discussion all together).
Wait... it's illegal to make YOUR phone do more than it's supposed to? Cuz.... I have a HTC Diamond.. and its "jailbroken" so I can flash custom ROMS. It must be illegal too.
He's not a hacker. Most people haven't changed the password from the default so simply connecting to their phones is trivial.
@John,
When you say [millions of people] "circumvented Apple's software illegally creating a security hole when they hacked/unlocked their phone ...", I presume you know for a fact that this would be illegal under Dutch law?
Because it sure isn't under U.S. law. In fact, unlocking is explicitly allowed in the DMCA...
References, please.
can't wait to leave my POS iphone for the DROID!!!!!
Can't wait to dump my POS HTC Magic for an iPhone.
Why not just get a droid.....
The iPhone is a POS because someone was able to exploit a feature added at the user's own risk? I'm a big fan of Android and everything, but this isn't the first, and certainly won't be the last, hacking of phones going on. The Droid won't be free from hacking problems; on the contrary, because it is open source there will likely be all kinds of hacking going on in the future, complete with stolen data.
Can't wait to dump my POS LG Vu for a Zack Morris brick phone.
Naw, *nix based OSs are the most secure and have a proven track record for it. SSH left open? Then why yes, it's like leaving your keys in the door. Duh.
Can't wait to drop my HTC Touch HD for the HTC Touch HD2!
@All things considered, Though the idea that OS automatically means more people will look into the insides of a piece of software and because of that it's more vulnerable compared to non-OS, it's a misconception. If ... and to take it to the outer limits compare Windows / Linux / OSX there has been an everlasting debate about which is the safest piece of software yet the end result is while maybe more vulnerabilities in Linux get appointed high-risk they also get fixed fastest and more important it's clear that they are actually fixed. While with an OS update like OSX does or a service patch it's always the question what actually happens. It maybe just some bugsquashing but who knows they also close holes which may have a big influence on other software. It wouldn't be the first time that an update resulted in massive problems for the end users due to this untransparency.
Now to extend the claim that OS means it's more open, you can also look from the other side. OS projects often attract thousands of developers who can all look into the software and if you use Linux for example you'll see especially with Ubuntu how many fixes are done on a daily basis. Not due to hacks like what happens here but because people simply find flaws in the software. Nice thing about all these fixes is that it's very clear what happens. I prefer transparency over a black box in which you have to hope that the end-developer, in this case Apple, has the best meaning for the user. And... the more I read Engadget, the more I doubt this is actually the case.
the hackers got hacked, kinda ironic?
actually, most jailbreakers are just looking to get free apps or unlocks, they may have not even done the jailbreak themselves. so it's more like pirates getting spyware from software, which is quite common
@ Jack Liu
Speaking to officer -
"Honestly sir, I didn't break into the fun park and steal that gocart meant for their track only... I found someone else to create a device that auto unlocks any gocart I point it at. At that point I was free to take that gocart anywhere.
The term hacker is clearly used by PROF3TA to mean someone who has illegally or legally modified their rom to circumvent software used to keep the phone on ATT or to only use "high quality (BullShite)" apps approved by Apple.
So he exploited the phones to some extent. Was there any danger of him doing any real harm? If so, then I'd say it's pretty equitable for him to kindly warn people and offer a fix.
LOL clever kid 2 thumbs up
The title should actually be:
"Dutch Apple employee seeks out jailbroken iPhones"
It's "fortune and glory." But I'll allow it.
adobe should follow this guy's lead:
"Important Warning. Your browser sucks cuz it doesn't have flash. Please visit http://www.apple.com/contact/ and bitch about this to apple in every which way imaginable so they get with the program like android, winmo, etc.
-this message won't disappear until apple comes to their senses. this way they'll be more inclined to get a move on.-
To be honest, you shouldn't be running OpenSSH on a regular basis anyway. It absolutely destroys your battery life.
hmm, I never noticed that. Odd. I've never regularly run a jailbroken phone though, just for a few weeks at a time.
Nah, OpenSSH doesn't run unless something is connected to it, so it doesn't have any huge impact on the device if at all.
It does run, that's why it's called a daemon ( http://en.wikipedia.org/wiki/Daemon_%28computer_software%29 ). It runs in the background listening for connections on its designated port. That takes power, much like turning on push mail.
"A noble gesture of a white hat hacker?" wouldnt this fall under the grey hat umbrella?
THIS is why Apple should embrace the Hacking community.
In-house Devs would never have discovered this, they're too busy writing programs that automatically seek out the word 'iPhone' and delete apps.
Except that you'd never be running an SSH daemon in the first place if you weren't running a hacked phone. There are a lot of things to be annoyed at Apple for, but this isn't one of them.
I'm not annoyed at Apple at all.
The point is, there's no way that Apple are going to stop Jailbreakers and hackers, look at what happened at Pwn2Own this (and last) year. They need people like this who find weaknesses, and help users patch them (admittedly, he was charging, but the letter on his website is pretty apologetic, and he has released the info free).
15 years ago, if something like this happened, this guy would be on Apple's Dev team within weeks, but these days, they just turn a blind eye (and all other companies, of course).
BS
More like THIS is why people should think twice before jailbreaking their phones and leaving them open to these attacks.
You mean like this? http://jobs.apple.com/index.ajs?BID=1&method=mExternal.showJob&RID=42223&CurrentPage=1
Hmm, the website doesn't exist.
Funny that.
What security hole? The only security problem is that you're running a daemon that allows for remote login, and most people don't bother (or more likely don't know enough) to change the default password and/or kill the daemon when they aren't using it. His exploit is to write a script that 1) scans port 22 2) attempts to use root/alpine if it gets a reply 3) changes your wallpaper to one with his warning. Not exactly a sophisticated attack.
ssh into your phone, type: "su" then "passwd root", then "passwd mobile" and all this goes away.
You're welcome.
Man I thought people hacked so that they can fight for the consumers against the big company that tries to rip you off. But this guy man he is a douche in the name of hackers. He is bringing all the hackers shame. Look at all the hackers that has brought us. Free Xbox 360 game and PS2 games then comes being able to use iphone in any network. What else?
Anyways shame on you.
Do you mean, fraught?
This is kind of late, was all over gizmo yesterday
Good for you. I don't read Gizmodo.
Someone who takes advantage of all the iPhony lemmings? Too easy. Pick on someone with at least a few brain cells.
I think people have started using the term "hacker" too liberally.
The guy used the default password because people didn't know not to change it. Since when did that constitute "hacking"?
Gizmodo did it
The cellphone business seems to attract the biggest douches of them all.
Literally HUNDREDS of sites claiming THEY ARE THE ONLY ONES who can get you the MNC-codes for your phones and unlock it, all for the low low price of somewhere within the range of $20.
That shit should be rewarded by public flogging.
love how the slide finger here to unlock button says grundel hahaha
http://www.urbandictionary.com/define.php?term=grundel
Instead of Bitching Here is how to fix it:
Before Anything: Go to Cydia and make sure to download and install "Terminal"
How to Secure your iPhone from these kind of threats:
Change the root password of the iPhone: it’s the easiest way. All you need is to install Mobile Terminal, if you haven’t installed it, and then change the root password.
Note that the text between >> > login root with all access > it’s your default password > To change your default password >Then type and retype your new password, now see if anyone can hack in HA HA HA HA
Source: http://www.ihackintosh.com/2009/11/secure-your-jailbroken-iphone-and-change-your-default-password/
THANK YOU TO IHACKINTOSH.COM FOR SHOWING US THE WAY...........NOT TO GET HACKED INTO
"Ontgrendel" means "Unlock" in Dutch...
http://translate.google.com/translate_t#nl|en|ontgrendel