News 

The unknown individual was able to log into the phones because their owners had removed Apple's software distribution system. The benefit of 'jailbreaking' the phone, as this removal is known, is that users can install software from sources other than the Apple App Store.

Users then often enable the SSH service on the phone so that they can log in and run commands. This gives them a high level of control over the phone's operating

ADVERTISEMENT

system. However, the SSH service installed on iPhones uses the same default password and it seems that some (possibly most) people neither change this nor disable SSH once they finished making changes.

The upshot is that potentially millions of iPhone are connected to the internet while offering control to anyone who knows their IP address and the default password. In this case the individual used a port scanner to find vulnerable phones and logged in, changing the desktop wallpaper to show a message that reads:

Important Warning
Your iPhone's been hacked because it's really
Insecure! Please visit doiop.com/iHacked and
secure your iPhone right now!
Right now I can access all your files.
This message won't disappear until your iPhone's secure.

The website in question is unavailable at the URL above because doiop has removed its listing, stating, "it has been reported that the keyword was used for spam, phishing and/or abuse. And it was therefore deactivated."