Hack Attack : Secure your Jailbroken iPhone

by Karthik on November 14, 2009 · 2 comments

iphone

The beginning of this week, saw the coming of the first ever iPhone worm. The worm out in the wild as iKee (The one that changes the wallpaper to that of Rick Astley – of the rickrolling fame!) is actually a wrapper built around iPhone/Privacy.A that runs silently in the background without ever letting the user know that it is running. What does the worm do?

Well it goes after the personal data stored on your iPhone which includes email, contacts, SMS, Calendars, Photos etc. So if you have Jailbreak’ed your iPhone, you have to be concerned now.

ikee-iphone-wallpaper

Also the worm doesn’t need to be running on an infected device, the attacker could instead load it onto a Computer in a public network and scan for iPhone’s connected to the same network that are deemed to be vulnerable.

The attack vector is simply the Jailbroken iPhone, which is what you need to secure if you are running a Jailbroken iPhone. Since the iPhone runs on the trusted Unix Based Filesystem the fix is actually easier than it seems and you lose out on nothing with regards to the Jailbreak functionality.

So how do we do it? We just change the root password of iPhone to prevent hackers from getting access to the precious personal data on your iPhone. It’ll hard take you a couple of minutes but will save you a lot of trouble later.

  • First up you need to Install the MobileTerminalapplication from Cydia.IMG_0019
  • After it is installed, you’ll need to reboot your iPhone.
  • Launch MobileTerminal from the springboard and type in the command: passwd
  • When it asks you for the “Old Password,” type in: alpine
  • At the new password prompt, type in a new password of your choice, but make sure its strong and secure enough
  • Re-enter the password to confirm.
  • You’ll now be returned to the Mobile$ prompt which means the change was successful.IMG_0022
  • Now you’ll need to change the password for the root account. Type in the command login root.
  • Once again, you’re prompted for the old password. Type in alpine.
  • Now type in the command passwd
  • You’ll then go through the change password routine a second time, entering in alpine as the old password, creating a new password and then re-entering it to confirm.IMG_0023
  • Yup, that’s it. Once done, Close MobileTerminal and uninstall it from Cydia if you feel so.

P.S. I’ve personally tested this on my iPhone running iPhone OS. 3.1.2 Jailbroken using BlackRa1n. But I am pretty sure this should work other iPhones as well.

Let us know in the comments to explain how the process went for you. You really have to thank Dev Team and other teams working on the iPhone platform, with the increased power, they also make it relatively easy for us to secure our iPhones.

See more from: iOS

{ 2 comments… read them below or add one }

Tony December 21, 2009 at 2:51 am

Completed went very well

Reply

Remove Spyware July 18, 2010 at 6:38 am

I have changed my default password;)

Reply

Leave a Comment

Previous post:

Next post: