Running a jailbroken iPhone has its risks, as a Dutch hacker has demonstrated. Specifically, he used a bit of port scanning to find jailbroken phones with SSH running in his native Netherlands. From there, he sent unsuspecting users a message that reads, "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files."
The URL directs the users to Paypal and requests €5 in exchange for instructions that explain how to remove the hack. But how did he get in? By relying on users' forgetfulness. All iPhones have a default root password. Those who forget to change it are vulnerable to this very kind of attack.
Asking for money is kind of a bummer but much less obnoxious that other things he could have done. The moral of the story is pay attention and be thorough when jailbreaking your iPhone.
[Via Ars Technica]