The iPhone becomes a victim of its own popularity - Continued
Yes, there are a few packages that install SSH for you as a dependency, but you should be able to see that beforehand and avoid them if you choose to. But there is an even easier way to prevent unwanted access to your iPhone. You can install an application like SBSettings of BossPrefs and with this you can easily turn off SSH when you do not need it to be running. But there is one step that you can (and should) perform. This is to change the default root password from Alpine to something different that you can remember. To do this you will need something like Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) or your favorite flavor of SSH application.
To do this you open up Putty and put in your wireless IP address. You can find this in Settings under the WiFi section, or you can see it in SBSettings. Make sure you set the port to 22 and the type of connection to SSH.
Once you connect you will get a warning, but should go ahead and click yes to enter the terminal.
You need to login as root to change that password, so go ahead and type root in the window that opens. Next, type the default password alpine; it is case sensitive and you will not see any indication that you are entering characters, but trust me, you are.
Once you have typed it in, press enter and you are now logged in as the root user of the iPhone. From there type in "passwd" (without the quotes). You may be prompted to type in the old root password (again, alpine). If you are, type that in and then enter the new password you have chosen when prompted, then again when asked to confirm the password change and you are done. Once you are finished go back into SBSettings and turn SSH and WiFi off (unless you need WiFi).
Conversely, you can use something like mobile terminal if you do not want to bother with an SSH connection to your phone. http://justanotheriphoneblog.com/wordpress/iphone-tips/how-to-change-the-iphones-root-password
Unfortunately this is probably just a Band-Aid on a much larger problem. As we have seen with Windows, once something becomes popular and widely used, it becomes a target for hackers and malware writers. But the iPhone is an even more attractive target because of its perceived notion of security. I have seen people leave saved passwords for banking apps, yet not even have a password to get into their phone. Further to that is the lack of complex password options for entry (unless connecting with MS Exchange).
These are all symptoms of a problem that threatens to blow up in the face of Apple and iPhone owners. As the iPhone gets larger and larger and the number of net aware and active apps pop up (combined with the "ease" of mobile banking), we will see this trend grow. For now you will hear how it is only the Jailbroken phones that are the problem, but as you can see, that is not true. It is a flaw in the way the OS image is created and the fact that Apple has not changed the default root password since its initial creation. So while it is easier to attack jailbroken phones that have SSH installed (and enabled), it is only the opening moves in a war that Apple is ill-prepared to fight.
I have a feeling that the jailbreaking community is prepared and will be the first people to counter this new threat. After all, they are the ones that know the inner workings and holes in the iPhone OS and will be the ones to help users close them to protect themselves.
Right of Reply
We at TweakTown openly invite the companies who provide us with review samples to express their opinion of our content and thoughts. If any company representative of this product wishes to respond, we will publish the response here.
Page 2 of 2
Further Reading: Read and find more Mobile Devices content at our Mobile Devices reviews, guides and articles index page.
Do you get our RSS feed? Get It!