[Noisebridge-discuss] If you have a jailbroken iPhone with OpenSSH installed...

Glen Jarvis glen at glenjarvis.com
Wed Nov 4 19:45:29 UTC 2009


This may not be helpful, but in case it is, I'm sending it on.

My iPhone is a plain old 3GS - purchased from the store - no jail-breaking
-- completely legal.

However, if the root default password is standard like that, I wanted to
change it to eliminate possible security risks. I did the following:

1) Connected to my webserver to see what IP address is recorded (in access
logs),
2) Then tried ssh'ing to root at that IP address from a terminal -- large
delay/ctrl-c and another approach
3) From the phone, using TouchTerm Pro, I tried doing the same as above. The
connection was refused "Could not connect to server"
4) I tried root at 127.0.0.1 and saw different behavior:

SSH connection error
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection..
ssh: connect to host 127.0.0.1 port 22: Connection refused

I have no direct terminal into the phone to see more...

Cheers,


Glen


On Wed, Nov 4, 2009 at 11:10 AM, Micah Lee <micahflee at gmail.com> wrote:

> Change your root password from alpine to something else, if you haven't
> already. It looks like this Dutch kid hacked people's jailbroken iPhones by
> sshing as root with the default password:
> http://arstechnica.com/apple/news/2009/11/dutch-hacker-holds-jailbroken-iphones-hostage-for-5.ars
>
> I don't have an iPhone so I can't test this stuff myself, but I'm guessing
> that they don't have firewalls, and if you have a 3G data plan your ssh port
> is wide open to the internet. So anyone that knows the AT&T IP address range
> for iPhones can scan for port 22, and then try logging in as root, with the
> default password alpine.
>
> You can change your password by ssh'ing into your phone like so:
>
> ssh root@YOUR_IPHONES_IP
>
> Or from your iPhone, if you have the terminal app installed, open the
> terminal and type:
>
> su
>
> The default password is alpine. Once you're logged in, just type:
>
> passwd
>
> And you can change your password.
>
> Also, I was playing with my iPod Touch and found some interesting things.
> If you are ssh'd into an iPhone or iPod Touch,
> /private/var/mobile/Applications/ contains all of the apps installed on the
> device, and all the private data for them. So, for example, on my iPod
> Touch,
>
> /private/var/mobile/Applications/27201D0E-D41A-4198-9FC0-185868FC28ED/AIM Free.app/
>
> is where the AIM app is installed, and
>
>
> /private/var/mobile/Applications/27201D0E-D41A-4198-9FC0-185868FC28ED/Documents/Accounts.accounts
>
> is where I found my saved AIM password, in plaintext. Also,
>
> /User/Library/Cookies/Cookies.plist
>
> contains all my mobile Safari cookies, including the saved ones for logging
> into Gmail.
>
> There's normally a lot more info than this that can be found on iPhones, so
> change your password if you haven't already.
>
> Micah
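Added example, not part of either message above: a small Python check that makes one TCP connection to port 22 on a device you own and separates the three outcomes seen in this thread (connection refused, no response, SSH server answering). The function names, the state labels and the advice strings are assumptions made for this illustration.

```python
import socket
import sys

def check_ssh_exposure(host, port=22, timeout=5.0):
    """Make one TCP connect to a device you own; return (state, banner)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # The host answered with a reset: nothing listens on this port.
        # This matches the "Connection refused" seen for 127.0.0.1 above.
        return ("refused", None)
    except OSError:
        # Timeout or no route: the port is filtered, or the address is not
        # the device itself (for example the carrier's NAT gateway).
        return ("no-response", None)
    with sock:
        sock.settimeout(timeout)
        try:
            # An SSH server sends its identification string first (RFC 4253).
            banner = sock.recv(255).decode("ascii", "replace").strip()
        except OSError:
            banner = ""
    return ("open", banner)

def advice(state, banner):
    """Turn the probe result into the action discussed in the thread."""
    if state == "open" and banner.startswith("SSH-"):
        return ("SSH server reachable (%s): log in and run passwd to replace "
                "the default root password." % banner)
    if state == "open":
        return "Port is open but the service did not identify itself as SSH."
    if state == "refused":
        return "No SSH server is listening; the default password is not reachable here."
    return "No response: filtered or wrong address; repeat from the device's own network."

if __name__ == "__main__":
    # 127.0.0.1 is only meaningful when this runs on the device itself.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state, banner = check_ssh_exposure(target)
    print(target, state, advice(state, banner))
```

A "refused" result on the device's own addresses means no SSH daemon is running, so the default root password cannot be used over the network; an "open" result with an SSH banner is the case where the password change matters.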