  • Malware Allows Access to Jailbroken iPhones


    Well, we all knew this was coming.

    The Macintosh security firm Intego reports that they have identified malware that will allow hackers to access data on jailbroken iPhones running OpenSSH with the default root password 'alpine.' Unjailbroken iPhones, devices not running sshd, and devices with unique root passwords are not vulnerable to this exploit. Though Intego currently categorizes the risk of the malware as "low," users should act to secure their phones.

    The tool - which Intego identifies as "iPhone/Privacy.A" - works by being installed onto a "Mac, PC, Unix or Linux" computer - or another iPhone - and then scanning the computer's network to find ssh services.

    This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network. Or, a hacker could sit in an Internet café and let his computer scan all iPhones that come within the range of the wifi network in search of data. Hackers could even install this tool on their own iPhones, and use it to scan for jailbroken phones as they go about their daily business.
    When a vulnerable iPhone is found, the hacker can then download all personal data stored on the device: "e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app."

    Intego recommends its own VirusBarrier X5 software to identify and eradicate the software on a Mac, but notes there is no detection tool for other computer platforms, or for the iPhone itself. Users of jailbroken phones should not enable ssh except when needed, and should change their root passwords:
    • install and run "Mobile Terminal"
    • type su root at the shell prompt and tap enter
    • type passwd and tap enter
    • enter alpine for your old password
    • enter new password
    • enter new password again to confirm
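
To confirm the change on both login accounts (a commenter below points out that mobile has its own password), here is an added example, not from the article or from Intego, that audits a master.passwd-format file. It assumes the device keeps its hashes in /etc/master.passwd; the function name and the sample hash strings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: check that BOTH login accounts on a
# jailbroken device got a new password. Input is a master.passwd-format file
# (name:hash:uid:gid:class:change:expire:gecos:home:shell).

# audit_passwd FILE [KNOWN_DEFAULT_HASH]
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_passwd() {
    awk -F: -v def="${2:-}" '
        /^#/ || NF < 2 { next }                   # comments, malformed lines
        $1 != "root" && $1 != "mobile" { next }   # the two accounts that can log in
        {
            hash[$1] = $2
            if ($2 == "") {
                print $1 ": empty password field"; bad = 1
            } else if (def != "" && $2 == def) {
                print $1 ": still has the known default hash"; bad = 1
            }
        }
        END {
            r = hash["root"]; m = hash["mobile"]
            # Same hash string = same salt and same password. passwd picks a
            # fresh salt, so two changed accounts are unlikely to match.
            if (r != "" && r == m && r !~ /^[*!]/) {
                print "root and mobile share one hash"; bad = 1
            }
            exit bad + 0
        }' "$1"
}

# Constructed sample: root was changed, mobile was not. The hash strings are
# placeholders, not real crypt output.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed master.passwd excerpt
root:CONSTRUCTED-new-hash:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:CONSTRUCTED-default-hash:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF

if audit_passwd "$sample" "CONSTRUCTED-default-hash"; then
    echo "both accounts changed"
else
    echo "at least one account still needs passwd"
fi
rm -f "$sample"
```

Without a second argument the function still reports empty password fields and a hash shared by root and mobile, so the default hash does not have to be known to spot an unchanged pair.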

    This article was originally published in forum thread: Malware Allows Access to Jailbroken iPhones started by Paul Daniel Ash
    65 Comments
    1. The Digital Alchemist -
      Quote, originally posted by rhekt:
      how many times do we all have to re-explain how to change root password? OK ONE MORE TIME:

      mobile terminal
      su
      alpine
      paswd
      new password
      new password

      You need to change both the root and mobile passwords. If you've only put your new password twice (new password and confirmation), you're not done. To have both root and mobile passwords changed you need to enter your new password FOUR SEPARATE times... i.e. 1- new root password, 2- confirm new root password, 3- new mobile password, 4- confirm new mobile password. And yes, the command is "passwd" not paswd.
    1. DaBossA -
      I think someone hacked into my iPhone. I just finished installing a theme through Diskaid and after I restarted the phone in the lockscreen it had a message saying "Nothing will happen yet, but just know this came from the web server. I know right Pretty awesome" something like that. Then the message would not go away so I restored my phone and after I'm done re-jailbreaking it and putting all my apps back in I go to my Phone book and all the words are mad big and all out of place. So I rebooted the phone and when it rebooted I could only see and access one application which was Aim. I couldn't see any other icons.

      Has this happened to anyone else? I don't even use SSH and I don't have it installed.

      I think I'm gonna have to sell it and get another one. It's a 3GS 16GB by the way. This has me so frustrated right now.
    1. ddonuts4 -
      Quote, originally posted by suicidesam:
      I think I've been breached...I can't change the password it won't let me type in alpine
      Nothing appeared while I was typing in "alpine", but when I pushed return, after I had typed it, it accepted the password.

      Quote, originally posted by DaBossA:
      I think someone hacked into my iPhone. I just finished installing a theme through Diskaid and after I restarted the phone in the lockscreen it had a message saying "Nothing will happen yet, but just know this came from the web server. I know right Pretty awesome" something like that. Then the message would not go away so I restored my phone and after I'm done re-jailbreaking it and putting all my apps back in I go to my Phone book and all the words are mad big and all out of place. So I rebooted the phone and when it rebooted I could only see and access one application which was Aim. I couldn't see any other icons.

      Has this happened to anyone else? I don't even use SSH and I don't have it installed.

      I think I'm gonna have to sell it and get another one. It's a 3GS 16GB by the way. This has me so frustrated right now.
      Try booting it into DFU mode then doing a full restore and setting it up as a new phone. Before you sync stuff back to it, see if it works.
    1. TooSlo -
      Quote, originally posted by unfaced:
      Is there a USB file transfer method available for PC since iPhone browser doesn't work anymore?
      Total Commander is still working on my wife's phone as well as my 2G ipt. Both are running 3.1.2.

      I generally just uninstall OpenSSH after I've re-enabled USB.
    1. unfaced -
      Quote, originally posted by TooSlo:
      Total Commander is still working on my wife's phone as well as my 2G ipt. Both are running 3.1.2.

      I generally just uninstall OpenSSH after I've re-enabled USB.
      How do you enable USB???