Jailbreak SSH horrors strike back
Wednesday, August 4, 2010 at 12:30AM
Back in 2009 the “ikee” rick-rolling worm went around the iPhone world via the password of ‘alpine’ on the root account. You are now warned to change your root password when you pop into Cydia and Rock the first time. But this thing just won't stay down.
If you have jailbroken your iPad you might want to check out a little file called “master.passwd”. In it, there is another user called ‘mobile’ which has been pointed out since 2008 (here) on the iPhone as another account to change the password of. But the media and Cydia/Rock warnings only put emphasis on ‘root’.
Many iPad and iPhone apps STILL do not use the “keyring” and store your password in plain text or somewhere in a binary file (still plaintext), which the user “mobile” has access to.
Ok, “so what” you say. Since this recent jailbreak was using a website, the individuals running that site now have the IP address of freshly jailbroken iPhones and iPads. I am certainly not saying that they have any ill intentions, but sites have been broken into before, and that would be one hell of a gold mine.
Hopefully AT&T has put in blocks of some sort so that its customers are protected, but who knows what the other countries around the world that carry iPhones are doing.
But at the very least, if you have jailbroken your iPhone, iPod Touch or iPad, please, please set your passwords accordingly and do not use a simple dictionary password.
Remember, you ARE giving up some security when you jailbreak your phone. It is on you to make sure that you lock what you can back down.
To change your password, use 'Terminal' and log in to one account at a time and issue the "passwd" command. You can also just log in to root and issue the "passwd mobile" command to change the password of mobile.
Rob Fuller
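As an added example (not part of the original post): a small shell audit that reads a copy of master.passwd and lists every account that can still log in with a password, so that 'mobile' is not overlooked next to 'root'. The function names are hypothetical, the sample file and its hash strings are constructed placeholders, and the 10-field layout assumed is the BSD master.passwd format.

```shell
#!/bin/sh
# Audit a BSD-style master.passwd for accounts that accept a password login.
# Assumed field layout (BSD master.passwd):
#   name:password:uid:gid:class:change:expire:gecos:home:shell

# Constructed sample input; the hash strings are placeholders, not real hashes.
sample_master_passwd() {
    cat <<'EOF'
# constructed sample, not taken from a real device
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:PLACEHOLDERHASH1:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:PLACEHOLDERHASH1:501:501::0:0:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
EOF
}

# Reads master.passwd from the file given as $1, or from stdin if none.
# Output lines:
#   LOGIN <name>     account has a usable password hash and a real shell
#   EMPTY <name>     password field is empty (no password required)
#   SHARED <a> <b>   two accounts carry the same hash string, so they share
#                    one password and both need to be changed
audit_master_passwd() {
    awk -F: '
        /^#/ || NF < 10 { next }             # skip comments and short lines
        {
            name = $1; hash = $2; shell = $10
            if (hash == "") { print "EMPTY " name; next }
            if (hash ~ /^[*!]/) next         # locked: no password login
            if (shell ~ /(nologin|false)$/) next
            print "LOGIN " name
            if (hash in seen) print "SHARED " seen[hash] " " name
            else seen[hash] = name
        }
    ' "$@"
}

# Demo on the constructed sample.
sample_master_passwd | audit_master_passwd
```

Every account reported as LOGIN needs its own "passwd" run; a SHARED line means changing only one of the two still leaves the other on the old password.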
I've gotten a lot of comments stating that OpenSSH isn't installed by default and that this is not a big deal at all. A couple of problems exist in that argument though:
1. The jailbreak is executing code on your phone/touch/iPad. Unless you do an analysis of the entire disk, you can't be sure the jailbreak doesn't leave some other way into the phone. Yes, that's a far-fetched chance, but most users would never know.
2. Even if you don't install it out of the box, there is a good possibility that you will install OpenSSH at a later date. Better to get it fixed while you have it on the mind.
Reader Comments (8)
It's amazing that the security that has been implemented on Desktop OS's for years has not crossed over to mobile OS's.
One problem is that Terminal is not starting on my 3GS on 4.0.1, so I had to install OpenSSH and log in remotely. You may want to include that way in your post.
Hi Rob,
I'm not sure if you have seen my Shmoocon talk on this very issue here:
http://www.stratumsecurity.com/blog/2010/02/12/shmoocon-2010-video-online-the-new-world-of-smartphone-security/
AT&T filters device to device IP traffic now. Before 10/2009 they did not. That is the topic of the first half of my talk.
Trevor
Correct me if I am wrong but just jailbreaking the iPhone does not turn on remote login. I tried both ssh and telnet and my iPhone refused both connections.
While it's still a good idea to change the root password, are we actually in danger if we don't install OpenSSH?
@Peter mobile terminal version 4.6 has been released and it is supposed to work with ios4. more info on installing
http://www.funkyspacemonkey.com/mobileterminal-v426-ios-40-unofficial-deb
If you have OpenSSH running, you can connect to it using any ssh client on the phone (pterm, iSSH) by connecting to root@127.0.0.1
Cheers
-Andy
From what I see, SSH was installed as part of the jailbreak, so there is no issue. I cannot telnet or SSH to the IP of my phone.
I take that to mean we are all safe unless we install an SSH service on the phone once it's been hacked.
Please update this post, SSH is not installed with the latest Jailbreak and this is only a problem if you choose to install SSH on your iPhone.
It's a matter of trust. You may trust Apple, or you may trust unknown hackers on the internet.
But if you trust Apple, you cannot switch easily to trust hackers (unless you've done some key extraction before).
And if you trust hackers you can switch back to trust Apple.
I mean if you jailbreak the device, it is possible to revert it to original and install updates.
But if you've installed updates you cannot jailbreak in near future, unless some hacker will find a bug in last version.