Results 1 to 5 of 5

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.

Thread: iPhone security, Rik Farrow, Metasploit, oh my!

  1. #1
    Default iPhone security, Rik Farrow, Metasploit, oh my!

    Have y'all seen this?

    and this:

    and this:


    Seems I might want to change my password from dottie.

    What should one do for security with an unlocked phone without 1.1.2?

    Remove SSH?

    Here's a blurb from the article:

    Every process runs as root. MobileSafari, MobileMail, even the Calculator, all run with full root privileges. Any security flaw in any iPhone application can lead to a complete system compromise. A rootkit takes on a whole new meaning when the attacker has access to the camera, microphone, contact list, and phone hardware. Couple this with "always-on" internet access over EDGE and you have a perfect spying device.

    And here's an interesting counterpoint article:
    Last edited by FreeMyPhone; 2007-11-26 at 02:52 AM. Reason: Automerged Doublepost

  2. #2
    i'm too scared to eat lunch now... thank you

  3. #3
    Well with Toggle, I know that you can turn SSH on and off, so if you have it off, your phone cant be hacked right?

  4. #4
    Not necessarily. Future browser exploits (I'm betting there will be) could expose you if you have EDGE or Wi-Fi on. Unfortunately, w/ good tech (The iPhone) comes bad tech ([email protected] that want nothing more than to reek havoc on the end user). So really, there will never be a truly safe- well, anything that is a computer/computer based product. I'd say that honestly, for the sake of battery life, keep SSH off, unless A) You want to transfer files or B) Your about to attempt a hack that may screw your phone up, and SSH'ing could potentially fix it. The same goes for Wi-Fi. EDGE... Well, if you don't have any apps that NEED it to preform (IE you need Mail running all the time) then turn it off too.

    But honestly, the #1 thing that one can do to ensure iPhone security is this: Enable Auto-Lock! When the phone is 'Locked' Wi-Fi, SSH and anything that is not vital is turned off, this is why in WinSCP, your connection disrupts if you have Auto-Connect on.

    Hope that helps... (I don't want this to sound like a Thread Hijack, I was just answering the post above this).

  5. #5
    I just don't use SSH. Easy enough to patch the exploit and use a simple Phone Browsing software. Works wonders for me.


Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts