Picture by Chance Agrella
A lot of people using jaibroken iPhones/ipod touches have got installed OpenSSH. Some earlier jailbreak methods installed it even by default. While the Pwnage-method used to jailbreak the iPhone 2.0 Software does not install OpenSSH automatically, many users still have installed it manually to solve their mail or other problems using the the terminal. There is some serious issue with having OpenSSH installed (and running) on iPhone:
As the default password for the root user is well known, everyone can in principle access your phone. Imagine your are at a Cafe with an open Wifi. Everyone with some knowledge can log into your phone, copy all the data from it (SMS, Mails, Adressbook, Photos) and then -if he likes- even wipe it.   

So if you don’t need OpenSSH, make sure you deinstall it!

Side node: You could also change the root password of your iphone, but I heard that some people have problems after doing so. So its safer just to deinstall OpenSSH, if you don’t need it anymore.

2 Responses to “Security hole in many jailbroken iPhones/ipod touches”

  1. If you have Cydia installed, you can change your root password without problems.

    Or you could install BossPrefs and toggle ON/OFF the OpenSSH service. Easy.

  2. Another alternative is to modify the OpenSSH setup to use key authentication and disable password authentication which is much more secure and relies on having the private key on the client.

Trackbacks/Pingbacks

Leave a Reply

You will be able to edit your comment after submitting.