How to Secure Your Jailbroken iPhone From SSH Hack

by Simon Ng on November 10, 2009



Jailbreaking your iPhone opens up lots of opportunities to add some amazing features that you’ll never find on a normal iPhone. To quote a few examples, jailbreaking lets you use Winterboard to change the iPhone theme, or Twidget to view your tweets on the lock screen. Jailbreaking also opens the door to iPhone unlocking and full control of the iPhone file system.

However, at the same time, jailbreaking may make your iPhone less secure, and you need to take extra measures to secure it, especially if you enable SSH on the jailbroken iPhone.

Earlier, as reported by Ars Technica, a Dutch hacker made use of the well-known default root password of the iPhone (i.e. alpine) to hack into jailbroken iPhones. The hacker did not intend to distribute any malicious code or damage the iPhones. He developed a port-scanning program to identify jailbroken iPhones on T-Mobile Netherlands with SSH running. When a target jailbroken iPhone was found, the program used the default root password to gain access to it. He then sent an SMS-like alert to the hacked phone that read, “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files.” Originally, clicking the link directed the victim to the hacker’s site, where you had to pay €5 in exchange for the instructions to remove the hack. Later, however, the hacker changed his mind and posted the instructions for undoing the hack at no cost.

Though this incident did no harm to jailbroken iPhones, it signals that every jailbroken iPhone user should take extra care to secure their iPhone. To prevent this kind of hack, you need to change the default root password. For those who have installed OpenSSH on the iPhone, it’s highly recommended to follow these instructions to change the root password.

Changing the root password of iPhone

1. Go to Cydia and install “MobileTerminal” application


2. Launch the “Terminal” app. Type “su” and key in “alpine” as the password. This will let you log in as the “root” user. Please note the password will not be echoed.


3. Next, type “passwd” to start changing the root password. Then key in your new password and hit return. (Note: Remember to choose a good password). You’ll need to retype your new password when “Retype new password” is prompted.


That’s it. Your root password is now changed. Make sure you remember your own password. If you use WinSCP or Cyberduck to transfer files via SSH, you will need to log in with your new password instead of the default one.
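One way to confirm the change took effect, as an added example that is not part of the original post: compare the stored password fields before and after running passwd. It also checks the mobile account, which commenters below point out shares the same default password. The /etc/master.passwd location and field layout, and the function names, are assumptions; the sample hashes are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the BSD master.passwd
# layout name:hash:uid:gid:class:change:expire:gecos:home:shell.

# pw_hash FILE ACCOUNT: print ACCOUNT's password field, fail if not found.
pw_hash() {
    while IFS=: read -r name hash rest; do
        [ "$name" = "$2" ] && { printf '%s\n' "$hash"; return 0; }
    done < "$1"
    return 1
}

# check_pw_changed BEFORE AFTER: compare a snapshot taken before running
# passwd with the current file. Returns non-zero if root or mobile still has
# the old hash, or has an empty or missing password field.
check_pw_changed() {
    before=$1 after=$2 rc=0
    for acct in root mobile; do
        old=$(pw_hash "$before" "$acct") || old=""
        new=$(pw_hash "$after" "$acct") || new=""
        if [ -z "$new" ]; then
            echo "$acct: EMPTY OR MISSING"; rc=1
        elif [ "$new" = "$old" ]; then
            echo "$acct: UNCHANGED"; rc=1
        else
            echo "$acct: changed"
        fi
    done
    return "$rc"
}

# Demo on constructed files (placeholder hashes, not real ones): root was
# changed with passwd, mobile was forgotten.
tmp=$(mktemp -d)
cat > "$tmp/before" <<'EOF'
root:XXoldhashXXXX:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:XXoldhashXXXX:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
cat > "$tmp/after" <<'EOF'
root:YYnewhashYYYY:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:XXoldhashXXXX:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
check_pw_changed "$tmp/before" "$tmp/after" || echo "run passwd for the accounts flagged above"
rm -rf "$tmp"
```

On the device, the snapshot would be a root-only copy of the password file taken before step 3; delete it after the check, since it contains password hashes.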


As always, remember to leave me a comment if you run into any problem changing the password or you’d like to share any tips.


{ 26 comments… read them below or add one }

1 Sachin November 10, 2009 at 2:24 am

Thanks Simon!!!

Reply

2 fgabato November 10, 2009 at 4:18 am

I was able to download the MobileTerminal but once I’ve executed it, I am getting a black blank screen with the keyboard below but no type of characters are showing up on the black blank screen like the ones above here. Any suggestions why this is or what am I missing?

Reply

3 Robert November 10, 2009 at 6:40 pm

@fgabato: You won’t see the characters while typing the old and new password within an SSH session. Just type it and have trust in the system ;-)

Reply

4 fgabato November 10, 2009 at 10:50 pm

@robert: I agree with you in regards to not seeing the old and new password as you type it but I am not even there. I am just getting a blank screen where I don’t even see the prompt on the screen.

Reply

5 Eugen November 11, 2009 at 1:41 am

yeah, I can confirm what @fgabato has, but in my case is even worse, after I start MobileTerminal I get the black screen and keyboard, and after 2 secs it crashes I guess and I get back to iphone springboard. I have a jailbreak from first version of Blackra1n, maybe this is the case. But no idea how to jailbreak using latest version of Blackra1n, I mean shall I just run latest jailbreak over existing or to restore first, or ….

Reply

6 Phillip Huang May 6, 2010 at 8:11 am

Umm. I tapped the screen where the black part was and it worked. I had what Eugen had as well, but it worked after I relaunched it and tapped the black part of the screen.

Reply

7 Steve November 12, 2009 at 9:21 pm

Thanks Simon. Very straightforward.

Reply

8 iN00b November 14, 2009 at 4:22 pm

Thanks Simon.

Note to all- Works perfect on Iphone 3G with latest blackra1n + 3.1.2 firmware.

Very clear Instructions keep it up!

Reply

9 Ivan Jimenez November 16, 2009 at 2:47 pm

Hi – Could you please let me know if it’s necessary to change the root password even if I don’t have ssh installed? thanks

Reply

10 Simon Ng November 16, 2009 at 10:21 pm

@Ivan,

The virus can only infect jailbroken iPhones with SSH enabled. If you do not have SSH installed, you won’t be affected even if the root password is unchanged.

Reply

11 Jim November 16, 2009 at 11:24 pm

Simon, thanks, this is good stuff. However, it is essential that people also change the password for the user mobile. It is also ‘alpine’ by default, and when a malicious hacker gets into your mobile account, he can still steal all your important information (i.e. all your personal information: address book, cookies, …).

Reply

12 Simon Ng November 16, 2009 at 11:50 pm

@Jim, thanks for your reminder. I will also remind other readers about that.

Reply

13 guy wire November 24, 2009 at 2:01 am

I can’t get cydia to work I get “502 bad gateway “message

Reply

14 guy wire November 24, 2009 at 2:09 am

Double post, sorry, but I don’t know how to edit my above. I have Cydia but do not have an SSH client on my JAU’d iPhone 2G 3.0.1. When I try to open Cydia I get all kinds of error messages about not fetching data.
Am I vulnerable to these worms and if so what should I do?

Reply

15 Jim November 24, 2009 at 2:21 am

The current worms affect jailbroken iPhones and iPod touches that have OpenSSH running. (Technically that’s not an SSH client but an SSH server.) As far as I gather from your post, that wouldn’t be you. I don’t know where your problem with Cydia comes from, but it sounds like the connection to one or more of the sources (repositories) is not working; it’s an internet connection issue. Some of the sources are offline some of the time, and your own connection could have temporary problems.

Reply

16 Jim November 24, 2009 at 2:26 am

As it’s becoming more and more important (there’s now a very malicious piece of malware stealing people’s money), let me just explain that you should ALSO CHANGE THE PASSWORD FOR MOBILE!!! The mobile account is just as vulnerable as the root account and it holds ALL your data!

After doing step 1, 2 and 3 above, with the terminal still running, you should type:

passwd mobile

and it asks for your new password (twice). It is OK to use the same new password you used for the root account. Just don’t use ‘alpine’.

Reply

17 george December 17, 2009 at 5:19 am

Thanks Simon, one question: if I remove OpenSSH from my iPhone, am I still vulnerable to a virus attack?? Sorry but I’m new at this.

Reply

18 Davii December 17, 2009 at 7:55 am

You SHOULD only be vulnerable if you have an app installed that can accept incoming connections; in this case we are talking about OpenSSH, but the same principle applies if you have installed another file-manipulating server app, e.g. HTTP or FTP.

The bottom line is that both Cydia and Rock recommend that changing your passwords is the first thing you should do, and I would certainly advise the same.

It has already been mentioned, but the article still hasn’t been updated, so I think it bears reiterating: you MUST change BOTH passwords!

Reply

19 lolhai January 15, 2010 at 10:32 am

are you just hacking me?

Reply

20 blake March 8, 2010 at 5:03 am

my root pw is not alpine.
i have not changed it in the past.
is it possible that a virus has already hurt my iphone?

i jb’d with blackrain and am running iphone os 3.1.2

openssh is installed, although i recently uninstalled it, and i have cyberduck on my mac–and cyberduck does show the iphone, but can’t connect bc, sorry for the redundancy, but alpine is not my pw.

Reply

21 AJ March 13, 2010 at 9:11 pm

K, I type in SU, press enter and then it says password, I type in alpine, press enter and it says incorrect password. I haven’t changed the password, so why is it incorrect? I’ve tried a couple times just in case of typos but still incorrect… what do I do??

Reply

22 AJ March 13, 2010 at 9:38 pm

omg I just remembered after watching a YouTube video, a few days ago the Rock app told me my password hasn’t been changed yet so I changed it there to a password I use for everything….. damn I’m so forgetfully dumb… I have the right password now. Sorry for my post lol but I was worried

Reply

23 Jessb May 25, 2010 at 3:31 am

This is unrelated but everyone here seems so affluent and I am completely lost. All of a sudden a few days ago my unlocked 2g 3.0.1 iPhone stopped letting me connect to wifi connections. It’ll search and find them, even asks for passwords, but then says unable to connect. I’m not sure if it’s possible that I have a virus, because in my settings and in Cydia a random banner ad of spam has been popping up. Any ideas?

Reply

24 dazza July 5, 2010 at 2:32 am

thanks a bunch dude

Reply

25 jeff S July 9, 2010 at 8:56 am

Thank you very much for your instructions!!! Very helpful

Reply

26 Sam August 16, 2010 at 4:11 am

Does this work for Ipod Touch 2nd Gen IOS4 ???

Reply
