[Noisebridge-discuss] If you have a jailbroken iPhone with OpenSSH installed...

Micah Lee micahflee at gmail.com
Wed Nov 4 19:10:23 UTC 2009


Change your root password from alpine to something else, if you haven't
already. It looks like this Dutch kid hacked people's jailbroken iPhones by
sshing as root with the default password:
http://arstechnica.com/apple/news/2009/11/dutch-hacker-holds-jailbroken-iphones-hostage-for-5.ars

I don't have an iPhone so I can't test this stuff myself, but I'm guessing
that they don't have firewalls, and if you have a 3G data plan your ssh port
is wide open to the internet. So anyone that knows the AT&T IP address range
for iPhones can scan for port 22, and then try logging in as root, with the
default password alpine.

You can change your password by ssh'ing into your phone like so:

ssh root@YOUR_IPHONES_IP

Or from your iPhone, if you have the terminal app installed, open the
terminal and type:

su

The default password is alpine. Once you're logged in, just type:

passwd

And you can change your password.

Also, I was playing with my iPod Touch and found some interesting things. If
you are ssh'd into an iPhone or iPod Touch,
/private/var/mobile/Applications/ contains all of the apps installed on the
device, and all the private data for them. So, for example, on my iPod
Touch,

/private/var/mobile/Applications/27201D0E-D41A-4198-9FC0-185868FC28ED/AIM Free.app/

is where the AIM app is installed, and

/private/var/mobile/Applications/27201D0E-D41A-4198-9FC0-185868FC28ED/Documents/Accounts.accounts

is where I found my saved AIM password, in plaintext. Also,

/User/Library/Cookies/Cookies.plist

contains all my mobile Safari cookies, including the saved ones for logging
into Gmail.

There's normally a lot more info than this that can be found on iPhones, so
change your password if you haven't already.

Micah