There is a reason why jailbreaking the Apple iPhone is not recommended to users, and especially the ones that are novice in the field of IT. The reason being that, one the iPhone is jailbroken, it becomes extremely vulnerable towards a hack, as has been portrayed by an unusual incident that took place in Netherlands.

A Dutch hacker managed to hack a number of Apple iPhones and sent anonymous warning messages, informing the users that their iPhones are unsecured and tried to charge a €5 (euro) fee from the unsuspecting users. The hack was made possible via accessing the T-mobile Netherlands network that had the Secure Shell (SSH) operational. The SSH is enabled when an iPhone is jailbroken and it remains active, giving any hacker or a person proficient in UNIX to log into the iPhone using simple commands. However, the SSH once activated, is controlled by a default password that is the same for all Apple iPhones. Most of the users forget to change the root passwords, thus leaving their iPhones open to attacks.

The SMS alert sent to the users by the hacker read,

“Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files.”

Furthermore, the hacker demanded a fee of 5 euros to make the iPhone vulnerability go away.

When the users went to the directed link, the message that greeted them read,

“If you don’t pay, it’s fine by me. But remember, the way I got access to your iPhone can be used by thousands of others—they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advice to secure your phone.”

However, in a recent update, the hacker has ceased his demands for money and infact is returning any amount that he might have accumulated with his hack. Furthermore, he is now directing the users via his Twitzer page to the a website, that is in the truest of sense providing solutions for he SSH root password issue. Better late than never, I say.

Via Ars Technica.