ikee worm & how to change your root ssh password for your Jailbroke iPhone

Though the ikee worm and other recent incidents have highlighted security risks facing users of jailbroken iPhones, the question remains: If you are using a jailbroken iPhone, just how insecure is it and what can you do about it?

The first known worm for the Apple iPhone is sweeping across Australia, and it is taking advantage of default SSH passwords on jail-broken phones.

What’s clear is that if you have jailbroken your iPhone or iPod Touch, and installed SSH, then you must always change your root user password to something different than the default, “alpine”. In fact, it would be a good idea if you didn’t use a dictionary word at all.

Presently it appears that the worm does nothing more malicious than spread and change the infected user’s lock screen wallpaper. However, that doesn’t mean that attacks like this can be considered harmless.

It looks like the only fix, since the worm disables ssh on the phone, is to reformat the phone. The files aren’t too terribly hidden, but how do you remove them if you can’t get into your phone? Reformat looks like the only way how.

If you would like to hear all about the worm from the creator itself you can get it from the Risky Business Podcast #131 from Apple’s itunes. or http://risky.biz/RB131

This looks like the start of things to come for mobile devices, Intego claims iPhone/Privacy.A a new worm is far more dangerous than the Ikee worm, takes advantage of the same vulnerability in the iPhone as the Ikee worm, allowing hackers to connect to any jailbroken iPhone whose owners have not changed the root password.

The tool reportedly allows a hacker to silently copy user data from a compromised iPhone including email, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone application insists Intego. This new hacker also tool gives no indication that it has invaded an iPhone.

Change Root Password of Your iPhone

Open the Cydia and go to Search Tab. Search for MobileTerminal.

Tap the MobileTerminal from the search results.
Tap the Install button at the top-right

Now tap the confirm button at the top-right.
Once you’re done with the installation, press the big Return to Cydia button.

Now press the Home button to close the Cydia and open the MobileTerminal from your iPhone SpringBoard.

type su and press return key at the bottom-right.
Now input alpine as your password and press return key.

Once the password is entered correctly, you’ll be logged in as root user.
Now input passwd and press return key

You will be prompted to input a new password for root. Input your desired new password and press return.

you’ll be asked to retype your new password again and hit return key.

Congratulations you’ve secured your iPhone by changing root password from unauthorized access.

This entry was posted in Security and tagged , , . Bookmark the permalink.

1 Response to ikee worm & how to change your root ssh password for your Jailbroke iPhone

  1. Thanks for the help bro!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s