[Noisebridge-discuss] If you have a jailbroken iPhone with OpenSSH installed...

Brian Johnson noisebridge at dogtoe.com
Wed Nov 4 19:34:09 UTC 2009 

You don't need to "su" if you login to ssh as root.

- Brian


On Wed, Nov 4, 2009 at 11:10 AM, Micah Lee <micahflee at gmail.com> wrote:

> Change your root password from alpine to something else, if you haven't
> already. It looks like this Dutch kid hacked people's jailbroken iPhones by
> sshing as root with the default password:
> http://arstechnica.com/apple/news/2009/11/dutch-hacker-holds-jailbroken-iphones-hostage-for-5.ars
>
> I don't have an iPhone so I can't test this stuff myself, but I'm guessing
> that they don't have firewalls, and if you have a 3G data plan your ssh port
> is wide open to the internet. So anyone that knows the AT&T IP address range
> for iPhones can scan for port 22, and then try logging in as root, with the
> default password alpine.
>
> You can change your password by ssh'ing into your phone like so:
>
> ssh root at YOUR_IPHONES_IP
>
> Or from your iPhone, if you have the terminal app installed, open the
> terminal and type:
>
> su
>
> The default password is alpine. Once you're logged in, just type:
>
> passwd
>
> And you can change your password.
>
> Also, I was playing with my iPod Touch and found some interesting things.
> If you are ssh'd into an iPhone or iPod Touch,
> /private/var/mobile/Applications/ contains all of the apps installed on the
> device, and all the private data for them. So, for example, on my iPod
> Touch,
>
> /private/var/mobile/Applications/27201D0E-D41A-4198-9FC0-185868FC28ED/AIM
> Free.app/
>
> is where the AIM app is installed, and
>
>
> /private/var/mobile/Applications/27201D0E-D41A-4198-9FC0-185868FC28ED/Documents/Accounts.accounts
>
> is where I found my saved AIM password, in plaintext. Also,
>
> /User/Library/Cookies/Cookies.plist
>
> contains all my mobile Safari cookies, including the saved ones for logging
> into Gmail.
>
> There's normally a lot more info than this that can be found on iPhones, so
> change your password if you haven't already.
>
> Micah
>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20091104/db2a9bc6/attachment-0003.html>

More information about the Noisebridge-discuss mailing list