Guide: How To Protect yourself from SSH-based iPhone worms

iPhone Firmware & Software download !

Guide: How To Protect yourself from SSH-based iPhone worms

Posted on 2009 under All, Guides & Jailbreak, iPhone News, iPhone Tips

23 Nov

The internet has been ablaze with reports of jailbroken iPhones being infested with worms. The exploit takes advantage of unwitting jailbreakers who install OpenSSH on their iPhones via Cydia without taking into account all of the impacts on security. The most notable, and now famous, hole in this theory is that every iPhone ships with the same default password for both the all-powerful “root” user as well as the more-restricted “mobile” user.

Not surprisingly, Apple has officially commented on the situation noting that “the worm affects only a very specific set of iPhone users who have jail broken[sic] their iPhones and hacked it with unauthorized software.” It is pretty clear from Apple’s statement their feelings on the jailbreak community and its effects on the iPhone and iPod touch.

Luckily, if you need to have OpenSSH installed on your iPhone (who doesn’t want a remotely-accessible, full UNIX terminal in their pocket?), there is a pretty simple solution to this problem that will prevent this breed of infestation from ever reaching your iPhone.

Remember, this only affects jailbroken iPhone owners who have installed OpenSSH…
Begin by installing MobileTerminal via Cydia (alternately, you can login via SSH from Terminal.app or a Cygwin-equipped Windows PC).
Type “login”, you will be asked for a login name which should be “root” then a password which should be “alpine”.
Type “passwd” then tap return, you will be asked to type the new password. Tap return and type the new password again.

Repeat this same process for the “mobile” user by replacing “root” with “mobile” in step 3. Also, when using passwd to change the password for “mobile” you may be asked the old password which would be “alpine”. It is not necessary to use a different password for “root” and “mobile” but if you’re highly security conscious, it wouldn’t hurt. The second half of this post includes a screen image of my exact process working successfully on OS 3.1.2 with an iPhone 3GS.

In addition to changing the user passwords for your iPhone, another good security measure is to use one of the jailbreak apps like BossPrefs or SBSettings to have a toggle that will disable SSH when not in use. Obviously, having SSH disabled (or not installed) is the best defense against worms of this sort. Got any other iPhone security tips? Let us know in the comments!

Protect yourself from SSH-based iPhone worms originally appeared on The Unofficial Apple Weblog (TUAW) on Mon, 23 Nov 2009 18:00:00 EST. Please see our terms for use of feeds.

via | The Unofficial Apple Weblog (TUAW)

If you like the work I'm doing with iphonefirmware.com or if one of my articles or blog posts helped you, maybe you'd like to buy me a beer! Its a nice social gesture, I'd buy you one if I was sitting beside you at the pub. I favor the Irish Stouts like Murphys and Guiness. Thank You for supporting iphonefirmware.com! I raise my glass to you!

Game developers on iPhone outnumber DS and PSP two-to-one (Feb 08, 2010)
Guide (step-by-step): How To Jailbreak iPhone 2G-3G-3GS 3.1.3 with PwnageTool 3.1.5 (mac) (Feb 08, 2010)
Purported pics of next-gen iPhone front face surface (Feb 08, 2010)
Download Sn0wbreeze V1.5.1 to Jailbreak iPhone 3.1.3 Firmware (Feb 08, 2010)
Hutchison offers discounted iPad in Austria (Feb 08, 2010)
Hands-on with the OWLE bubo: Better photos and video from your iPhone (Feb 07, 2010)

Categories
- iPhone
- App Store
- Guides & Jailbreak
- Apple iPad
- tablet
- iPad
- All
- iPhone Apps
- iPhone Hacks & Tricks
- iPhone News
- iPhone rumors
- iPhone Tips
- Video iPhone
Hot Links

iPhone Firmware Download
latest
OS 3.1 3.0.1
3.0 firmware

Top Software Download

Blackra1n RC3 for Windows (1.6 KB, 8,641 hits)
WinPwn v2.5.0.2 (19.1 MB, 8,181 hits)
QuickPwn v2.2.5-2 for Windows (15.4 MB, 7,100 hits)
Bootloaders v4.6 (128 KB, 6,608 hits)
Bootloaders v3.9 (128 KB, 5,869 hits)
redsn0w 0.8 for Windows (11.9 MB, 5,273 hits)
QuickPwn v2.2-1 for Windows (16.2 MB, 5,173 hits)
Blackra1n RC3 for Mac OS X (1.6 KB, 3,874 hits)
Archives
- February 2010 (44)
- January 2010 (185)
- December 2009 (182)
- November 2009 (142)
- October 2009 (162)
- September 2009 (127)
- August 2009 (132)
- July 2009 (162)
- June 2009 (233)
- May 2009 (101)
- April 2009 (135)
- March 2009 (122)
- February 2009 (114)
- January 2009 (225)
- December 2008 (207)
- November 2008 (181)
- October 2008 (202)
- September 2008 (217)
- August 2008 (220)
- July 2008 (299)
- June 2008 (212)
- May 2008 (107)
- April 2008 (21)
- March 2008 (4)
- February 2008 (7)
- January 2008 (9)
- December 2007 (1)
- November 2007 (2)
- October 2007 (1)
- June 2007 (1)
Popular Tags
Accessories Analysis / Opinion android app App Review App Store Apple Apple Corporate Apple Financial Apple iPad apps at&t Audio ces 2010 Cool tools Developer devsugar Enterprise features firmware First Look Found Footage Freeware game Gaming google google voice guide Hardware Holidays how to jailbreak Humor Internet Tools iPhone iphone 2009 iphone 2010 iphone 3.0 iphone 3.1 iphone 3g s iphone 3gs iphone 4.0 iphone 4g iphone app iPhone Apps iphone game iphone games iphone hacks iphone nav iphone os 3.0 iphone video iPod Family ipod touch itunes jailbreak 3gs jailbreak iphone jailbreak iphone 3.0 Jailbreak/pwnage Multimedia Music navigon new new iphone news Odds and ends OS Retail rumors SDK software Software Update Tips tomtom trick tricks verizon video Video iPhone voip Wireless you tube
Calendar

November 2009

M T W T F S S

« Oct Dec »

1

2 3 4 5 6 7 8

9 10 11 12 13 14 15

16 17 18 19 20 21 22

23 24 25 26 27 28 29

30

November 2009
M	T	W	T	F	S	S
« Oct		Dec »
	1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30

Disclaimer

This website is not owned by, licensed by or a subsidiary of Apple Computer, Inc. Apple iPhone are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. The content of this website is not supplied or reviewed by Apple Computer, Inc. All articles, images, logos and trademarks in this site are property of their respective owners. Comments are property of their posters. Use of any information available on this website is at your own risk, you are 100% responsible for what you do or don't do with it. If any information on this website is inappropriate or violates or infringes any of your copyright protection do leave a comment and appropriate action will be taken as soon as possible. All the information available on this site is for informational purposes only. iPhoneFirmware.com is not responsible if you void your warranty or damage your device. The information on the blog may be changed without notice and is not guaranteed to be complete, correct or up to date.