  • Malware Allows Access to Jailbroken iPhones


    Well, we all knew this was coming.

    The Macintosh security firm Intego reports that they have identified malware that will allow hackers to access data on jailbroken iPhones running OpenSSH with the default root password 'alpine.' Unjailbroken iPhones, devices not running sshd, and devices with unique root passwords are not vulnerable to this exploit. Though Intego currently categorizes the risk of the malware as "low," users should act to secure their phones.

    The tool - which Intego identifies as "iPhone/Privacy.A" - works by being installed onto a "Mac, PC, Unix or Linux" computer - or another iPhone - and then scanning the computer's network to find ssh services.

    This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network. Or, a hacker could sit in an Internet café and let his computer scan all iPhones that come within the range of the wifi network in search of data. Hackers could even install this tool on their own iPhones, and use it to scan for jailbroken phones as they go about their daily business.
    When a vulnerable iPhone is found, the hacker can then download all personal data stored on the device: "e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app."

    Intego recommends its own VirusBarrier X5 software to identify and eradicate the software on a Mac, but notes there is no detection tool for other computer platforms, or for the iPhone itself. Users of jailbroken phones should not enable ssh except when needed, and should change their root passwords:
    • install and run "Mobile Terminal"
    • type su root at the shell prompt and tap enter
    • type passwd and tap enter
    • enter alpine for your old password
    • enter new password
    • enter new password again to confirm
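
To confirm that the steps above really replaced the old password, and that no other login account (a commenter below points to the mobile user) was left on it, compare the password file before and after the change. This is an added example, not from the article or Intego; it assumes the BSD-style master.passwd field layout, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts whose password hash is unchanged between a
# copy of the password file saved before running passwd and the file now.
# Assumed layout (BSD master.passwd, 10 colon-separated fields):
#   name:hash:uid:gid:class:change:expire:gecos:home:shell

unchanged_accounts() {
    # $1 = copy saved before the change, $2 = current file
    awk -F: '
        /^#/ || NF < 10 { next }                   # comments, malformed lines
        FILENAME == ARGV[1] { old[$1] = $2; next } # remember the earlier hash
        $2 == "*" || $2 ~ /^!/ { next }            # no password login possible
        ($1 in old) && old[$1] == $2 { print $1 }  # same hash: old password kept
    ' "$1" "$2"
}

# Constructed sample data; the hash fields are placeholders, not real hashes.
write_sample() {
    printf '%s\n' \
        '# constructed sample: before passwd' \
        'root:OLD_HASH_PLACEHOLDER:0:0::0:0:System Administrator:/var/root:/bin/sh' \
        'mobile:OLD_HASH_PLACEHOLDER:501:501::0:0:Mobile User:/var/mobile:/bin/sh' \
        'daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false' > "$1/before"
    printf '%s\n' \
        '# constructed sample: after changing only root' \
        'root:NEW_HASH_PLACEHOLDER:0:0::0:0:System Administrator:/var/root:/bin/sh' \
        'mobile:OLD_HASH_PLACEHOLDER:501:501::0:0:Mobile User:/var/mobile:/bin/sh' \
        'daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false' > "$1/after"
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_sample "$tmp"
    unchanged_accounts "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}

demo   # prints: mobile
```

Any account name it prints still accepts the password it had before, so run passwd for that account as well.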

    This article was originally published in forum thread: Malware Allows Access to Jailbroken iPhones started by Paul Daniel Ash
    65 Comments
    1. ddonuts4 -
      I just pulled out my iPod touch and changed my password. The latest update of OpenSSH should have a prompt to change the password in it to eliminate this risk!!
    1. ecd5000 -
      Quote Originally Posted by suicidesam
      I think I've been breached... I can't change the password, it won't let me type in alpine
      Are you typing in "passwd" before trying to type alpine?
    1. twitchthecat -
      Quote Originally Posted by iLaw-One
      To change your Root Password:

      D: Once you have logged in as root, type the ‘passwd’ command (without quotes) and ‘alpine’ (without quotes) as your current root password, and press enter.
      The instructions fall apart at this point and can use additional clarification for us non-technophiles.

      Update - got the instructions from Cydia as suggested previously in this thread - much easier to follow.
    1. mikerlx -
      The bigger picture is that jailbreaking and unlocking is vulnerable. Besides turning ssh off and changing the password, limit putting personal information on your iPhone.

      ^True, some of my friends have never even opened Cydia and done any complete upgrades and have been talking on the phone and using the iPhone without exploring any features. Some of my friends unlocked their iPhone in 2007 and have never updated firmware.
    1. PAPER CHASER -
      Quote Originally Posted by romeo_herman
      The right one is here....

      The easy way to change the root password is
      install mobile terminal from Cydia
      after finishing the install press home button to go back to Home screen
      look for mobile terminal then open
      type "su" (without quote) press return
      then password "alpine" (without quote) press return
      now you are logged in as root
      type "passwd" (without quote) press return
      type your new password/press return
      retype your new password/press return

      That's it

      after the instruction try to log in on WinSCP then enter password "alpine"
      the system will deny it, just type your new password.
      Hope it helps.
      If it helps please press thanks button.

      Once you finish changing the password you can uninstall mobile terminal on your phone.

      Good bye hackers....
    1. P99 -
      When the "lockscreen virus" came out, I changed my password using the directions in Cydia's home screen ("Copying Files to/from Device" & "OpenSSH Access How-To"). They were easy to follow and my iPhone is now more secure.
    1. unfaced -
      Is there a USB file transfer method available for PC since iPhone browser doesn't work anymore?
    1. romeo_herman -
      Everybody who has changed the "root" password must change the "mobile" password also (please try open ssh WinSCP, using user name: mobile (not root) and type password alpine). If you still can get into ssh, you must change the mobile password also....
    1. Spooky -
      Ok people...this whole thing with changing your passwords and freaking out about the open ssh hacking is ridiculous. Just install SBSettings from Cydia. This app allows you to simply swipe across the status bar and open a menu that lets you toggle all kinds of functions, there amongst - OpenSSH. Simply tap SSH and your phone is unavailable for ssh connections. Whenever you might want to use ssh, just do the same again and then disable ssh again when you're done with whatever you wanted to do. Hope this makes things easier for some people...
    1. MuseFan288 -
      password changed
    1. enjoimike69 -
      I don't know how to use terminal, can someone please help me? When you type is it supposed to be just a black screen? Because when I follow all the steps nothing happens, nothing to let me know if it worked or not. Is that normal?
    1. stlcaddie -
      Quote Originally Posted by Spooky
      Ok people...this whole thing with changing your passwords and freaking out about the open ssh hacking is ridiculous. Just install SBSettings from Cydia. This app allows you to simply swipe across the status bar and open a menu that lets you toggle all kinds of functions, there amongst - OpenSSH. Simply tap SSH and your phone is unavailable for ssh connections. Whenever you might want to use ssh, just do the same again and then disable ssh again when you're done with whatever you wanted to do. Hope this makes things easier for some people...
      Make sure you do this every time the phone resprings or reboots. It automatically starts. Unless it's just my iPhone.
    1. rhekt -
      How many times do we all have to re-explain how to change root password? OK ONE MORE TIME:

      mobile terminal
      su
      alpine
      paswd
      new password
      new password
    1. rojocrandall -
      Quote Originally Posted by vedavis
      Even though I have SSH off in SBSettings, I installed MobileTerminal anyway, but it keeps crashing before I get a prompt. I've read other places that the app has not been updated in a while and has problems on 3.1.2. True?
      True, for me at least. I could not get mobile terminal to work for a while after blackra1n RC1 on 3.1.2. After a restore and re-break (courtesy of the sucky Rock app) with RC2, mobile terminal works fine for me now.
    1. skiptowncat -
      Quote Originally Posted by rhekt
      how many times do we all have to re-explain how to change root password? OK ONE MORE TIME:

      mobile terminal
      su
      alpine
      paswd
      new password
      new password
      Sorry, could you explain that a bit more clearly?
    1. jedized -
      Quote Originally Posted by ramsizzle
      I'm a hardcore idiot when it comes to this... how do I go about changing my password in WinSCP?
      In WinSCP there is a little black & white icon up top representing a terminal, use that and enter the same commands from there as if you were using Mobile Terminal.

      Quote Originally Posted by Poseidon79
      Read the first post at the bottom for instructions. It's done with mobile terminal which is downloaded from Cydia.
      The question by ramsizzle was how to change it with WinSCP. I'm sure he can read the article but the article gives directions for doing it with Mobile Terminal. ramsizzle probably has his own reasons for not using mobile terminal. I have already replied to his post giving him instructions on doing the same thing with WinSCP.

      Quote Originally Posted by rhekt
      how many times do we all have to re-explain how to change root password? OK ONE MORE TIME:

      mobile terminal
      su
      alpine
      paswd
      new password
      new password
      WRONG.
      No wonder you have to keep repeating yourself. The command you gave is just WRONG!
      The passwd command has 2 s's in it.
    1. billchase2 -
      You forgot to mention that you'll need to type in your current password (alpine) after the step "type su root at the shell prompt and tap enter".
    1. avnyc11 -
      I can't get mobile terminal to work. When I install it and open it on my springboard, it goes to a screen with half black and half keyboard. The key presses don't work, nothing happens even if I type in the correct commands, and all I can do is hold my finger in the black area and a popup menu appears which is also useless. BTW I am on an 8gb 2g 3.1.2 att not unlocked or hacktivated, jb'ed using blackrain. Any ideas? I tried to use the terminal in WinSCP but it kept freezing.
    1. Xagest -
      I'm actually really surprised that this sort of thing is coming out just now. When I installed SSH and found out there's a default password, I switched it out right away.

      There just hasn't been any urgency towards doing that, though. It seems really amateur that very few people have been informed about the importance of changing their passwords from a default. Even the initial install of the SSH module should have prompted the user for a password or something.
    1. kest874 -
      Any way to stop OpenSSH from starting by default?