So if you’ve jailbroken your iPhone, installed SSH, and still haven’t changed your password from the default despite our previous warnings about Dutch Ransomers and Australian Rickrollers? Maybe you thought those were just funny (as seen in this video from iPhoneMVP) and not worth worrying about? Well now things have gotten more serious — there’s a new attack making the rounds that just plain steals your data.

Same method of attack, the bad guy scans the local network for insecure SSH on Jailbroken iPhones, and when it finds it, begins to copy your contacts, messages, email, events, photos, media, etc. This could, of course, include passwords, financial data, and those pics you never got around to deleting…

If you haven’t already, go change your SSH password now. If you need help, go to the TiPb iPhone Forums and get it. Just secure your iPhone.

[Intego, thanks to everyone who sent this in]

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

Jailbroken, Installed SSH, Didn’t Change Password? New Attack Aims to Steal Your Data

For iPhone Jailbreakers using SSH to access their devices — without changing the default password — getting Rickrolled by a worm may be annoying (no worse than getting held for ransom by a hacker) but it’s a sign that far more insidious and malicious attacks are possible — so change those passwords now!

Back to the Rickroll. TUAW reports:

A hacker, going by the name “ikee,” created a worm that changes the home screen background on jailbroken iPhones whose owners failed to change the default password after installing SSH.

And the new background is, of course, Rick Astley. While removal details are included in an interview with the hacker, it’s better to be safe than sorry. So, check our iMuggle’s tutorial on how to change your SSH password, and change it right away.

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

Jailbreakers Who Don’t Change SSH Password — There’s a Rickroll for That

Pwn2Own is a hacking contest which in previous years demanded OS exploits on day one, allowed browser vectors on day two (how OS X was compromised last year — thanks Safari!), and opened the floodgates with 3rd party bugware on day three. First person to successfully hack a machine won it as a prize, along with a nice cash bounty for their troubles.

This year, Ars Technica says Pwn2Own is doing something a little different: they’re bringing in the mobiles!

Apple’s iPhone is front and center on their target list, along with the Google Android G1, and devices from the BlackBerry, Symbian, and Windows Phone families. Pwn the mobile and you not only win it, but $10,000 to boot!

Not a lot of solid info on the rules yet, but we’ll keep a look out. Any white hats out there eager to try their luck?

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

Want a Free iPhone and $10,000 Prize? Pwn2Own it!

We had sort of been expecting that the iPhone 3G would be more difficult to unlock because it would be impossible to walk out of a store without signing a contract and activating the iPhone. We all know how that worked out on launch day — iPhones were flying about unactivated anyway. Honestly, given that the 2.0 software has already been fully pwned (read: opened up, jailbroken, made to serve the whims of hackers everywhere), the early unlocking really should be no surprise.

Fernando writes in:

I just saw this today. A brazilian team seems to be the first one in the world to have a fully unlocked 3g iPhone. It’s using brazilian operator TIM, that does not support iPhones here in Brazil; actually the iPhone did not even start selling here, and when it does it will be Claro and maybe Vivo.

The video is in Portuguese, so it might not be clear exactly what’s happening to most readers. The method here, as Gizmodo notes, is

a special card that piggybacks to your SIM card, fooling the phone into thinking it’s using an official carrier. While this is not the software unlock being developed by the usual suspects, the video clearly shows that it works fine.

We know a lot of folks are waiting for a clear path to unlocking and jailbreaking to get the iPhone 3G — it looks like that wait isn’t going to be much longer than an Apple store line.

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

iPhone 3G Unlocked!