Though the ikee worm and other recent incidents have highlighted security risks facing users of jailbroken iPhones, the question remains: If you are using a jailbroken iPhone, just how insecure is it and what can you do about it?
The first known worm for the Apple iPhone is sweeping across Australia, and it is taking advantage of default SSH passwords on jail-broken phones.
What’s clear is that if you have jailbroken your iPhone or iPod Touch, and installed SSH, then you must always change your root user password to something different than the default, “alpine”. In fact, it would be a good idea if you didn’t use a dictionary word at all.
Presently it appears that the worm does nothing more malicious than spread and change the infected user’s lock screen wallpaper. However, that doesn’t mean that attacks like this can be considered harmless.
It looks like the only fix, since the worm disables ssh on the phone, is to reformat the phone. The files aren’t too terribly hidden, but how do you remove them if you can’t get into your phone? Reformat looks like the only way how.
If you would like to hear all about the worm from the creator itself you can get it from the Risky Business Podcast #131 from Apple’s itunes. or http://risky.biz/RB131
This looks like the start of things to come for mobile devices, Intego claims iPhone/Privacy.A a new worm is far more dangerous than the Ikee worm, takes advantage of the same vulnerability in the iPhone as the Ikee worm, allowing hackers to connect to any jailbroken iPhone whose owners have not changed the root password.
The tool reportedly allows a hacker to silently copy user data from a compromised iPhone including email, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone application insists Intego. This new hacker also tool gives no indication that it has invaded an iPhone.
Change Root Password of Your iPhone
Open the Cydia and go to Search Tab. Search for MobileTerminal.
Tap the MobileTerminal from the search results.
Tap the Install button at the top-right
Now tap the confirm button at the top-right.
Once you’re done with the installation, press the big Return to Cydia button.
Now press the Home button to close the Cydia and open the MobileTerminal from your iPhone SpringBoard.
type su and press return key at the bottom-right.
Now input alpine as your password and press return key.
Once the password is entered correctly, you’ll be logged in as root user.
Now input passwd and press return key
You will be prompted to input a new password for root. Input your desired new password and press return.
you’ll be asked to retype your new password again and hit return key.
Congratulations you’ve secured your iPhone by changing root password from unauthorized access.