Yesterday, a message reading “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your phone right now!” popped up on the screens of a large number of Dutch iPhone users whose devices had been automatically exploited, demanding $4.95 for instructions on how to secure their iPhones and stop the message from appearing at startup.
Through a combination of port scanning and OS fingerprinting of T-Mobile’s 3G IP range, a Dutch teenager has for the first time automatically exploited a known security vulnerability introduced on jailbroken iPhones: the SSH daemon, which, unless modified, remains running with the default users root and mobile, using the same password on each and every device.
The teenager’s attitude quickly changed after the suspension of his PayPal account by PayPal’s IT Support department. The spamvertised website has now been taken offline.


