Extortion via iPhone. Here is the unpleasant situation, told by Ars Technica, experienced in the past few hours by some Dutch users whose phones had been subjected to jailbreaking. To blackmail them a hacker, who had found a way to enter their phones and send a message with which they launched veiled threats, letting the victims know how their iPhones were vulnerable due to a security hole, exploited by the hacker himself, to close which it would have been "appropriate" to pay 5 euros in exchange for which they would have had instructions on how to eliminate the bug. The consequences of a refusal? Someone could have made a call using the "laundry" telephone number or texted always at the expense of the legitimate and unsuspecting owner.
The affair rightly sent hundreds of people who were seen to deliver the message in fibrillation, also because the hacker claimed in his message that he also had access to all the files on the phone. And the prospect of having someone who can peek into the cell phone, send text messages at our expense and make phone calls against us certainly not reassuring.
In reality the story is much simpler and less worrying, at least in the specific case, than what had been proposed. The hacker had exploited an ingenuity of many of those who apply the jaibroken, activate SSH and do not change the default root password; with a simple scan of doors the pirate sent what looked like an SMS but in reality it was only a modified desktop background, using Unix commands. The hacker was also spotted, apologized, returned the money he had collected and put online instructions on how to get rid of the bulky desk background.
If the affair is resolved for the best and no one will have to pay the ransom to have the security of his iPhone, the problem posed by the story remains completely evident and burning: the hole exploited by the Dutch pirate passes, as mentioned, by jailbreaking. In the specific case, it was an error made by those who applied the unlocking of the mobile phone, who forgot to change the default password, but many are using this story to highlight the risks involved in changing the iPhone security system . In part, the locks set up in the operating system serve to prevent the installation of unauthorized applications, in part they are aimed precisely at preventing events such as that recorded in the Netherlands from happening. On this occasion, the hacker, a teenager, probably would not have been able to do much more than what he has already done, but more experienced, unprejudiced and malicious pirates could find more productive, sophisticated and painful systems to exploit the holes, known and perhaps even unknown, which result in a modified iPhone. At that point, various commentators on the net argue, it will be difficult to appear at the door of Apple, which has always advised against and combats jailbreaking, to ask for what happened.