In the past few weeks 2 instances of worms have been discovered for iPhones that have been jailbroken.
Namely here : rickroll
and here: worm report
One thing that jailbreak instigators did not take into account is the common password to access the secure shell connection to the iPhone, which is login: “root”, password “alpine”
Being in south africa and the high use of Data Cards Vodacom and MTN are issuing prublicly viewable IP addresses to its iphone or data card users.
What this potentially does, is expose your iPhone to the internet. In doing this it exposes the SSH port which is open on the jailbroken iphones.
With this in mind we need to secure our iPhones from hackers.
To do this it is relatively simple if you have rudimentary computer skills by following these steps:
1: Connect your iPhone and Laptop to the same WiFi Network.
2a: (windows) In Google type “putty”, dont hit search, hit “I am feeling lucky”
The top download link is “putty.exe” download this file.
The above 2 lines can be replaced if you have a better way to get an SSH client onto windows.
When downloaded run putty.exe
2b:(mac) Top right click magnifying glass, type terminal into the text box and click on the terminal .app file.
3:On your iPhone, goto Settings, click Wi-Fi, click on your active Wifi access point(same as laptop/PC network)
4:Click on the active Wifi network “>” icon
5:under the DHCP tab there should be an assigned IP which normally starts with “192.168.#.#”
6a:Take that number and connect to that IP address using Putty in SSH mode with username “root”
6b:In the terminal window type “ssh firstname.lastname@example.org.#.#” ( where the 192.168.#.# should be replaced with the IP address on your iPhone and press enter
7:The text box will ask you to accept the key, Click yes as below:
“The authenticity of host ‘192.168.239.124 (192.168.239.124)’ can’t be established.
RSA key fingerprint is 8e:a9:e1:ef:f2:20:d0:db:90:aa:ec:43:c9:dd:0b:b4.
Are you sure you want to continue connecting (yes/no)?”
8: You will then be prompted to enter a password in the following format:
9: Enter the password “alpine”
10: Brennan-Babbs-iPhone:~ root# should be displayed, replace my name with the name of your iphone you named in itunes.
11: At this point we are ready to change root password to one of your own passwords type the following “passwd root”
“Changing password for root.
12: Enter a new password that you will remember that is not “password”, “god” “sex” or anything obvious. Choose a password that looks tricky to remember for anyone else but you.
13: You will be asked to repeat it.
Congratulations you have just protected your Jailbroken iPhone from malicious hackers.
Give yourself a big noddy badge, a pat on the back and smile at yourself in the mirror for an uneasy amount of time.
You are now on your way to becoming an iPhone security expert and can teach others how to do this.
Do you feel good? I would, you deserve it! Now go get a coffee and boast about it to your peers phones who are still behind the Apple iron curtain of dictatorship.