[Merged] Jailbreaked iPhone SSH Exploit And Countermeasures

Discussion in 'Jailbreaks and iOS Hacks' started by jav6454, Nov 2, 2009.

  1. jav6454 macrumors P6

    jav6454

    Joined:
    Nov 14, 2007
    Location:
    1 Geostationary Tower Plaza
    #1
    Anyone with jailbroken iPhones must read this: Click Me

    Change your root password NOW

    Edit - Via Ars Click Me

    Edit 2 - The Hacker speaks: Click Me
    According to him does are instructions to remove his work and to change your password. Proceed with caution if you are new to that.
     
  2. Mystikal macrumors 68020

    Mystikal

    Joined:
    Oct 4, 2007
    Location:
    Irvine, CA
    #2
    ROFL right cause thats what an MMS looks like when it comes through.
     
  3. alphaod macrumors Core

    alphaod

    Joined:
    Feb 9, 2008
    Location:
    NYC
  4. GoCubsGo macrumors Nehalem

    GoCubsGo

    Joined:
    Feb 19, 2005
    #4
    Did I miss the part where it said something about MMS? That is what a text looks like when it comes in, you know?
     
  5. Nugget macrumors 65816

    Nugget

    Joined:
    Nov 24, 2002
    Location:
    Houston Texas USA
    #5
    Grammar Police: To Correct and Serve

    The word is "utmost" not "outmost."
     
  6. Mystikal macrumors 68020

    Mystikal

    Joined:
    Oct 4, 2007
    Location:
    Irvine, CA
    #6
    Ive never seen an SMS / MMs with that bottom layer of text. Plus, what contact is that coming from? Surely he doesnt have a contact under the name "Important Warning."

    Plus, when going to the link it says "IT HAS BEEN REPORTED THAT THE KEYWORD WAS USED FOR SPAM, PHISHING, AND/OR ABUSE. AND IT WAS THEREFORE DEACTIVATED.

    WE APOLOGIZE FOR THE INCONVENIENCE.'
     
  7. UngratefulNinja macrumors 68000

    UngratefulNinja

    Joined:
    May 9, 2009
    Location:
    Pennsylvania
  8. jav6454 thread starter macrumors P6

    jav6454

    Joined:
    Nov 14, 2007
    Location:
    1 Geostationary Tower Plaza
    #9
    Nop, really new.
     
  9. labman macrumors 604

    labman

    Joined:
    Jun 9, 2009
    Location:
    Mich near Detroit
    #10
    Hey

    Stop picking on him (Outmost) that's the way they say it in the uk. :p Old news sorry if you do a search you'll find some threads on it.
     
  10. jav6454 thread starter macrumors P6

    jav6454

    Joined:
    Nov 14, 2007
    Location:
    1 Geostationary Tower Plaza
    #11
    Check the news links... all of them dated TODAY.
     
  11. dukebound85 macrumors P6

    dukebound85

    Joined:
    Jul 17, 2005
    Location:
    5045 feet above sea level
    #12
    no, its old news that youre setting yourself up for trouble if you dont change your password when you jailbreak

    its been known about since when you could jailbreak all of 2 or so years ago lol
     
  12. bradenwh macrumors 6502

    Joined:
    Apr 12, 2008
    #13
    The hacker didn't expose a security vulnerability. He simply exploited one that's been around since the iPhone was first jailbroken. You deserve to get hacked if you do not change your root password. This is nothing new.
     
  13. ViPa macrumors 6502a

    Joined:
    Dec 4, 2007
    #14
  14. pablo7 macrumors 6502

    Joined:
    Nov 10, 2008
    Location:
    LOS ANGELES, CA.
    #15
    Any links on how to change my root password?? Thx.
     
  15. MakX macrumors member

    Joined:
    May 27, 2009
    #16
  16. foob macrumors 6502

    foob

    Joined:
    Feb 17, 2009
    #17
    Get the ssh toggle for SBSettings, change the passwords, or uninstall ssh. Changing the password is the simplest as you won't need a toggle taking up space.
     
  17. medicscott macrumors 6502a

    medicscott

    Joined:
    Aug 9, 2009
    Location:
    san diego
    #18
    even with the toggle in sbsettings....ssh will remain on. its no big deal. i wouldnt worry about it.
     
  18. jav6454 thread starter macrumors P6

    jav6454

    Joined:
    Nov 14, 2007
    Location:
    1 Geostationary Tower Plaza
    #19
    I don't mean the root thingy, that's old, but the hack is new. So this is a warning. It already happen and proof of concept is there.

    You know what to do.

    Edit - Hacker responds, see post #1
     
  19. ViPa macrumors 6502a

    Joined:
    Dec 4, 2007
    #20
    thanks..i think more people should be informed about this..its kind of scary lol
     
  20. medicscott macrumors 6502a

    medicscott

    Joined:
    Aug 9, 2009
    Location:
    san diego
    #21
    why not just change your root password via mobile terminal? thats what i did.
     
  21. bytethese macrumors 68030

    bytethese

    Joined:
    Jun 20, 2007
    Location:
    Cranford, NJ
    #22
    BossPrefs, turn off SSH. Also change your root password. Never keep default passwords. :)
     
  22. Lemons! macrumors member

    Joined:
    Jul 1, 2009
  23. Mystikal macrumors 68020

    Mystikal

    Joined:
    Oct 4, 2007
    Location:
    Irvine, CA
    #24
    Cydia > manage > packages.

    If OpenSSH is installed, its on.
     
  24. foob macrumors 6502

    foob

    Joined:
    Feb 17, 2009
    #25
    And hey everyone, this "vulnerability" is simply how ssh works. Go to the first screen in http://cydia.saurik.com/. Scroll down to the OpenSSH how-to and read it. It's not a complete guide to ssh but it's worth a read and it's been right there off the front page of Cydia at least since I got my phone in Feb.
     

Share This Page