How to Secure your Jailbroken iPhone from SSH Hack and How to Change the Root Password on Your iPhone
A Dutch hacker recently threatened all jailbroken iPhone users with a proof of concept showing that their phones stand vulnerable to high risk and are absolutely unsafe after being jailbroken. He made use of port scanning method to find jailbroken iPhones in his country Netherlands running with SSH. He then sent unaware and totally off guard users a SMS message which read: “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files.”.
Clicking on the URL took the victim to PayPal site and asked him/her to pay €5 in order to remove the hack. The demand for money was extremely immoral. The hacker was illegally accessing personnel files on his device and then blackmailing its owners for money. It has now been reported that he has changed his mind now and has given up on the illegal attempt to collect some money, and has posted instructions for reverting what he did to several Dutch iPhone users.
He has also decided to return whatever he has received through his feat. This incident highlights the fact that jailbreaking removes the security mechanisms that is in place for the iPhone OS which ensures preventing unauthorized intrusions and securing the device against hackers.
Someone else can also play the same trick and may not even tell you about it. So the lesson to learn here is that if you jailbreak your iPhone and do things like leaving SSH running, then you must change the default password.
Unfortunately, all iPhones have same default root password ‘alpine’ which almost everyone knows, and that many forget to change after jailbreaking, leaving their phone vulnerable to intrusion and hacking.
To get your iPhone secured, you can change the root password from the very well know good old “alpine” to something more complicated and more secure. These are instructions on how to change the root password on your jailbroken iPhone or iPod touch. This password is required when using SSH to connect to your device.
Open the Mobile Terminal on your iPhone and do the following, Type in “su” and press return… You will be asked for the password, Type in “alpine” and press return.
NOTE: You will not see the password or any characters while you will be typing it in…
Now you should see a screen with something like this: “Phone’sName-iPhone:/var/mobile root#” in my case it was MaXsKi-iPhone:/var/mobile root# because my iPhone is named MaXsKi
Once you have logged in as the root user type in passwd into the terminal window then press the return key.
You will be prompted for new password. Input a password of your choice then press the return key.
You will be asked to retype the new password. Do this, then press the return key to finalize your change.
That’s it, you have successfully changed your good old “apline” password and have added a piece of mind for your self and a small layer of security to your iPhone.