5% Off Powermat

Join The Community

Thursday, November 5, 2009

Secure Your Jailbroken iPhone and Change your Default Password

Recently A Dutch hacker, managed to break into jailbroken iPhone & tried to extort € 5 from the victim. Later it was discovered hacker attacked a number of vulnerable phones on T-mobile Netherlands and tried to extort €5 from them. Here is the original Dutch Forum from where all the incidences comes in to light. Arstechnia added “ It appears one enterprising Dutch hacker used port scanning to identify jailbroken iPhones on T-mobile Netherlands with SSH running. Enabling SSH is a common procedure for jailbroken iPhones, allowing a user to log in via Terminal and run standard UNIX commands. Unfortunately, iPhones all have a default root password that many forget to change after jailbreaking”.


In this instance, the hacker changed the wallpaper (see above) on compromised iPhones so they displayed the following message:


Important Warning
Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and dsecure your iPhone right now!
Right now, I can access all your files.. This message won’t disappear until your iPhone’s secure
And when he visited the mentioned site another threatening message.
If you don’t pay, it’s fine by me, but remember, the way I got access to your iPhone can be used by thousands of others-they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advice to secure your phone.
_____________________________________________________________________________________
How to Secure your iPhone from these kind of threats


Step 1: Go to Cydia and search for MobileTerminal app and then install it on your iPhone. Once you have successfully installed MobileTerminal, Reboot your iPhone.




Step 2: Now start MobileTerminal app and type the following command:
passwd





Step 3: You’ll now be asked for your old password which should be ‘alpine’ (without the quotes), followed by a new one of your choice (twice). Simply enter your old and new password and you are done!



Note: the instruction in Step 2 will change your mobile password only. In order to change root password, type ‘login’ command (without quotes) and then press enter. Now type ‘root’ (without quotes) as your login and ‘alpine’ as your current root password. Once you have logged in as root, type ‘passwd’ command (without quotes) again and press enter. It will now prompt you to enter a new password (twice). Simply enter your desired new password again as you did in Step 3 (for changing mobile password) and you should be all fine. It is highly recommended that you change, both your mobile and root passwords to make sure you are completely safe from any outside SSH attack.
or 
Change the Root Password of iPhone : it’s the most easiest way all you need is to install Mobile Terminal if you haven’t installed and then change the root password.   Note that the text between >> << aren’t commands that text is for your reference only.
  • su root                                                 >> << login root with all access >> <<
  • alpine                                                  >> <<  it’s your default password >> <<
  • passwd root                                       >> <<To change your default password >> <<


Turn of SSH when not required : Install SBSettings from Cydia so you can turn it off or on when you really required this.
If you have any question we’ll love to hear back from you on twitter via @iTune2iPhone and keep your self updated with the latest of iPhone community.


Source: ihackintoshredmondpie


Update: How to recover your Hacked iPhone. Follow the step by step instructions.
1. Get an SSH program like putty for windows.

2. SSH to your iPhone. (If you haven't done that before it may take a while, and after that there might come a warning about a key fingerprint. You can just accept that). Login using username "root" and password "alpine". (this is the default password)
3. There's a few commands you have to execute, best is to just copy them:

rm /System/Library/LaunchDaemons/com.apple.syslog.plist
chown mobile /private/var/mobile/Library/LockBackground.jpg
chmod 666 /private/var/mobile/Library/LockBackground.jpg
mv /private/var/mobile/Documents/LockBackground.backup.jpg /private/var/mobile/Library/LockBackground.jpg
4. That's everything to remove the stuff. Now there's one command left to make sure this won't happen again! Again in putty or any SSH client type: "passwd". You'll then be asked for a new password, you can change this into anything you want. The safer the better of course (:

The reason you have to change this password is that it's default is "alpine" at ALL iPhones. So if anyone knows that (and all hackers do) they can access your iPhone. Now you've changed it this isn't possible anymore!



Source: From Hacker's site

0 comments:

Post a Comment