
How To Protect Your Jailbroken iPhone

Four malware packages that specifically attack jailbroken iPhones have been found during the last month or so. Protection against these attacks is very easy, however, if you know what to do.

Jailbreaking your iPhone opens it up to install services and applications that Apple will not allow. It is a form of hacking your iPhone, however, and can also open your iPhone to attacks, if you don't take some simple steps.

Once you jailbreak your iPhone, SSH access to it will be enabled. This isn't a bad thing if you want to use SSH to access your iPhone, but if you do not change the root SuperUser (SU) password, any old hacker can use SSH to gain control of your iPhone.

The default password is "alpine" (sans quotes) and it's well known. This is the same issue posed by many routers, which also ship with well-known default passwords that allow access to their network, and which many people foolishly do not change either.

To change the SU password on your jailbroken iPhone:

1. Install the MobileTerminal package from Cydia. Cydia is installed on your device, or can be installed, when you jailbreak the device.
2. Run the app (named Terminal on your iPhone screen).
3. Type "su root" without the quotes and touch return.
4. Type the root password "alpine" and hit return. You are now logged in as root.
5. Type "passwd" and hit return.
6. Enter your new password. The characters won't be echoed to the screen, not even as "*", by the way. Hit return; you will be prompted to re-enter the password.
7. Enter the new password again; hit return.
8. Type "exit" and touch return.
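To confirm the change took effect, the following check lists every account whose password field still holds the factory value. It is an added example, not part of the original article. It assumes the device keeps accounts in a BSD-style `/etc/master.passwd` (ten colon-separated fields) and that you noted the root entry's hash before step 5; the function name, sample lines and hash strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: find accounts whose password hash is still the factory value.
# Assumed file format (BSD master.passwd):
#   name:hash:uid:gid:class:change:expire:gecos:home:shell

# stale_accounts FILE FACTORY_HASH
# Prints one account name per line for every entry whose hash field equals
# FACTORY_HASH. Returns 0 if none match, 1 if at least one account is stale.
stale_accounts() {
    file=$1
    factory=$2
    awk -F: -v h="$factory" '
        /^#/ || NF < 10 { next }             # skip comments and malformed lines
        $2 == h { print $1; found = 1 }      # hash unchanged since factory state
        END { exit (found ? 1 : 0) }
    ' "$file"
}

# Constructed sample data (not from a real device): root has been changed,
# a second login account still carries the factory hash.
SAMPLE_FACTORY_HASH='EXAMPLEHASH00'
make_sample() {
    cat <<'EOF'
# constructed sample
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:CHANGEDHASH11:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:EXAMPLEHASH00:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
}

# Stand-alone use: sh check.sh /etc/master.passwd '<hash noted before step 5>'
if [ $# -eq 2 ]; then
    stale_accounts "$1" "$2"
fi
```

Any name it prints is an account that still accepts the factory password over SSH; log in as that account and run `passwd` for it as well.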

An alternative to changing the SU password is to disable SSH on your iPhone. This can be done using SBSettings (also available via Cydia) by selecting "More", then "Toggles", and disabling SSH.

However, without changing the password, every time you activate SSH for a valid reason, your iPhone will be vulnerable.

Written by Michael Santo
HULIQ.com
