The Geeks' Den: How to change your iPhone’s Default SSH Password

My blog has moved! Redirecting...

You should be automatically redirected. If not, visit http://www.igeekden.com and update your bookmarks.

Tuesday, November 24, 2009

How to change your iPhone’s Default SSH Password

If you jailbreak your iPhone with anything other than GeoHot’s balckra1n*, then the first thing you ABSOLUTELY MUST DO is change the default filesystem password.

*blackra1n doesn’t install SSH by default, therefore this should not be a problem if you used blackra1n to jailbreak, unless you installed the OpenSSH package from Cydia.

When you jailbreak, the filesystem’s password is set to the common password “alpine.” As people usually don’t bother changing this password after performing a jailbreak, it’s really easy for hackers to get access to any jailbroken iPhone/iPod Touch on a public network.

An Australian guy called Ashley Towns demonstrated this by circulating the first known iPhone worm, known as Ikee, which replaces your lockscreen wallpaper with an image of Rick Astley. Luckily Town’s Rickrolling is benign. He wrote the worm to demonstrate how easy it is to break into jailbroken iPhones.

Note: There is no need to follow this guide if you haven’t jailbroken your iPhone/iPod Touch.

You need:
- Jailbroken iPhone / iPod Touch
- Cydia
- MobileTerminal

    Here’s how to change the default SSH password after jailbreaking:

    1. Make sure you have Cydia or Rock installed on your jailbroken device. If you don’t already have MobileTerminal installed, launch Cydia or Rock and tap the ‘Search’ tab in the bottom navigation bar.

    SSH-PW-1

    2. Type ‘MobileTerminal’ in the search field and select the first result. Select ‘Install’ on the top right corner and tap ‘Confirm’ on the next screen. It will now install MobileTerminal on your device. Now, tap on ‘Return to Cydia’ and tap home button.

    SSH-PW-6

    3. Navigate to the newly installed ‘Terminal’ application and tap to open.

    4. In MobileTerminal, type ’su root’ and tap return. It will ask you for a password, enter ‘alpine’ and tap return again.

    5. Now, type ‘passwd’ and then tap return. Type in a new password such as ’donthackme’ and tap return. Retype the new password to confirm and then tap return one last time to change the password.

    SSH-PW-13

    6. Now, your SSH password will be changed and your device will be protected against any future hacks that use SSH to access your device.

    Posted by Den at 10:59 PM
    Labels: , , , , , , , , , , , , ,

    No comments:

    Post a Comment

    Subscribe to: Post Comments (Atom)