By jailbreaking your iPhone, it opens up lots of opportunities to add some amazing features that you’ll never find on a normal iPhone. Just quote a few examples, jailbreaking lets you use
Winterboard to change the iPhone theme. And, jailbreaking opens the door for
iPhone unlocking and full control of iPhone file system.
However, at the same time, jailbreaking may make your iPhone less secure and you need to take extra measure to secure it, especially you enable SSH on the jailbroken iPhone.
Earlier, as reported by Ars Technica, a Dutch hacker made use of the well-known root password (i.e. alpine) of iPhone and hacked into the jailbroken iPhone. The hacker does not intend to distribute any malicious code or damage your iPhone. He developed a port scanning program to identify jailbroken iPhones on T-mobile Netherlands with SSH running. When the target jailbroken iPhone is found, the program used the default root password to gain access of the iPhone. He then sent an SMS-like alert to the hacked phone that reads, “You iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files.” Originally, clicking the link will direct the victim to the hacker’s site and you’ll need to pay €5 for trading with the instruction to remove the hack. Later, however, the hacker changed his mind and post the instructions for undoing the hack without any cost.
Though, this incident doesn’t do any harm on jailbroken iPhone, it signals every jailbroken iPhone users should take extra care to secure their iPhone. To prevent this kind of hack, what you need is to change the default root password. For those who have installed OpenSSH on iPhone, it’s highly recommended to follow these instructions to change the root password.
Changing the root password of iPhone
Step 1. Go to Cydia and install “MobileTerminal” application.
Step 2. Launch “Terminal” app. Type “su” and key in “alpine” as password. This will let you login as “root” user. Please note the password will not be echoed.
Step 3. Next, type “passwd” to start changing the root password. Then key in your new password and hit return. (How to
choose a good password). You’ll need to retype your new password when “Retype new password” is prompted.
Your root password is now changed. Make sure you remember your own password. If you use WinSCP or Cyberduck to transfer file via SSH, you will need to login with your new password instead of the default one.
0 comments
Post a Comment