Malicious Worm Takes Aim at Jailbroken iPhones

**z28kid** · 11-23-2009, 08:45 AM

Even I have changed my password. I am a first time jb'er and this is not that hard people. If you keep ssh on all the time bad things are gunna happen

**Rob_Quads** · 11-23-2009, 08:53 AM

I hate the way the press are advertising this as a problem with "jailbroken phones". Bit like saying "Windows hackers rejoice" when someone thunderbird have a bug in thier code. Yes they have a jailbroken but its not that, thats causing the problem.

**marko911** · 11-23-2009, 09:10 AM

I have a question just in case ppl have problem changing the root password.

I've notice that wen you install sbsettings and you swipe your finger accros the stattus bar u get a pop up window or some like that with short cuts to wifi, 3G, Brightness and SSH now will this do the trick on stoping hackers on hacking ur phone if you turn SSH off ? Me personally i keep it turned off even tho i have the root password changed i only turn it on if i use SSH .

Can some one answear this qustion if they know it .

Thank you very much ......

**tonman23** · 11-23-2009, 09:11 AM

I haven't needed ssh on my phone in some time! I use iphone browser to transfer files to my phone, mobile terminal has been good enough for other things so far.

**Ace01xc** · 11-23-2009, 09:42 AM

Just change the password open cydia download mobile terminal and then erica tools when done open terminal enter the command passwd, press enter then after put old one in Alpine then your new one (please remember the new password) now more worry 's about silly apple tricks like 1.1.1, oops can not talk about that.

**Risingstar** · 11-23-2009, 09:49 AM

willing to bet any money that Apple is making these bugs.

**exNavy** · 11-23-2009, 09:49 AM

Originally Posted by Imahottguy

For the love of gawd! n00bs: Change your effing root password!!

@Meesany: You should put info on how to change the default password in the first post, n00bs need to be spoon fed.

And the mobile password as well.

**rwin84** · 11-23-2009, 10:18 AM

ridiculous... well i gues having a computer in our pocket has finally caught up with us... we now have to deal with all the problems of a computer...

**sk8ertim** · 11-23-2009, 10:19 AM

Damn these "WORMS" are annoying!

I havent switched my root PW on my Mom's iPhone, but she doesnt even use SSH! I have it installed and it is ALWAYS off.
When I get a new iPhone, my PW will be 10chars long... maybe like all my other passwords, 26chars long...

PEOPLE! CHANGE THE PASS IF YOU USE SSH!
Then we wont have these "WORMZ"!

Also, maybe in the next ver of oPenSSH there will be an add-on so that before completing installation you would have to MAKE YOUR OWN PASSWORD!

Just my .02cents

**szr** · 11-23-2009, 11:01 AM

You should not only change your root password, but edit your /etc/ssh/sshd_config to turn off Password based auth and only use Public Key auth.

1) You first need to creat a public key and private key pair. You can do this on almost any computer that has an ssh client.

If you use OS X or any UNIX/Linux type system, please see this link. On windows, Putty and Winscp come with a key generator that creates proper keys that they can use; see the link also, but ignore all parts expect those that tell you what to do on your iPhone/iPod, just make sure your ssh/sftp client is set it use your Private Key!

> Setting up SSH keys <

2) Open (or download from your device and open in your favorite editor) /etc/ssh/sshd_config

3) Look for a line containing PasswordAuthentication, make sure it's not commented and set to no, so it looks like:
PasswordAuthentication no

4) Look for a line containing PubkeyAuthentication, make sure it's also not commented out and make sure it's set to yes, so it looks like:
PubkeyAuthentication yes

*** If you run into any problems logging in with root, you can use Mobile Term or iFile to edit /etc/ssh/sshd_config to set PasswordAuthentication to yes if need be, which is recommended when first testing your key to make sure it works while still allowing you the fall back of regular password auth. Once you verify Key auth is working, turn off Password auth.

Also, regardless if you go with Key based auth or not, when you are out in public, it can be better to just turn off SSH altogether - very easy to do with something like SBSettings - you can't pick the lock if there is no door.

IMHO it only makes sense to have SSH on when you're at home or other trusted locations.

**boxxa** · 11-23-2009, 11:08 AM

If you cant change your iPhone's root password, you should not be installing OpenSSH in the first place.

Just my $0.02

**JailbrokeniPodKing** · 11-23-2009, 11:19 AM

thanks, but this has been going round for at least a fortnight, ive had it :L and i dont live in the netherlands

theres the easy but *** way getting out without donating, which is restoring which is ***! Unless you have ROCK backing up your stuff

**volatile-dev** · 11-23-2009, 12:11 PM

Would it not be possible to automatically prompt the user upon installation of OpenSSH to change the root and mobile passwords?

Just a thought...

**bengo** · 11-23-2009, 12:31 PM

Originally Posted by chris4851

It's as simple as this.... if you know how to and have Jailbroken your phone you SHOULD know how to change your root password. Pure laziness and it's there fault to get infected.

Yeah this might have been a good reply back in the 1.0 days, when jailbreaks and unlocks were pretty effin complicated to do. Nowadays, with Geohot's all in one click utility, every noob on the planet can get their iPhone jailbroken.

I think the solution would be to incorporate a password change feature in the jailbreak utilities from now on.

**Jahooba** · 11-23-2009, 12:33 PM

Originally Posted by Imahottguy

For the love of gawd! n00bs: Change your effing root password!!

@Meesany: You should put info on how to change the default password in the first post, n00bs need to be spoon fed.

You call people noobs but don't help them out. Modmyi is a place where we help people, if you want to be an elitist a-hole then go somewhere else.

You should know better by now.

**jOnGarrett** · 11-23-2009, 12:34 PM

great, this is all we need to give Apple an excuse for making iphones un-jailbreakable.

**bengo** · 11-23-2009, 12:50 PM

Originally Posted by jOnGarrett

great, this is all we need to give Apple an excuse for making iphones un-jailbreakable.

yeah... I don't think they have a choice... it's called jailbreaking for a reason.

**rhekt** · 11-23-2009, 01:32 PM

well...here it all goes again. fortunately w/ the previous 2 viruses you got a nifty pic letting you know you were infected. itll be too late, especially financially for those that get this sand worm.

**aekhamsouk** · 11-23-2009, 02:51 PM

how come these carriers don't protect their customers and their own network by locking down these ports and protocols? duh!

**fidosam** · 11-23-2009, 02:51 PM

Originally Posted by marko911

TO ALL : Please just change the root password and thats it its not that hard just click on this link and it will show you step by step on how to do it ..

How To Change the iPhone’s Root Password | Just Another iPhone Blog

Dont forget to hitt the " thanks " if it helped you .

Thank you once again! I was having problems SSHing today (LOL) and used MobileTerminal instead...piece of cake!

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.

Thread: Malicious Worm Takes Aim at Jailbroken iPhones

iPhone News

General iPhone

Even I have changed my password. I am a first time jb'er and this is not that hard people. If you keep ssh on all the time bad things are

The Following User Says Thank You to bengo For This Useful Post:

The Following 3 Users Say Thank You to Jahooba For This Useful Post: