[Merged] Jailbreaked iPhone SSH Exploit And Countermeasures

jav6454

macrumors P6
Original poster
Nov 14, 2007
16,876
1,532
1 Geostationary Tower Plaza
Anyone with jailbroken iPhones must read this: Click Me

Change your root password NOW

Edit - Via Ars Click Me

Edit 2 - The Hacker speaks: Click Me
According to him does are instructions to remove his work and to change your password. Proceed with caution if you are new to that.
 

Mystikal

macrumors 68020
Oct 4, 2007
2,440
0
Irvine, CA
Did I miss the part where it said something about MMS? That is what a text looks like when it comes in, you know?
Ive never seen an SMS / MMs with that bottom layer of text. Plus, what contact is that coming from? Surely he doesnt have a contact under the name "Important Warning."

Plus, when going to the link it says "IT HAS BEEN REPORTED THAT THE KEYWORD WAS USED FOR SPAM, PHISHING, AND/OR ABUSE. AND IT WAS THEREFORE DEACTIVATED.

WE APOLOGIZE FOR THE INCONVENIENCE.'
 

labman

macrumors 604
Jun 9, 2009
7,786
1
Mich near Detroit
Hey

Stop picking on him (Outmost) that's the way they say it in the uk. :p Old news sorry if you do a search you'll find some threads on it.
 

bradenwh

macrumors 6502
Apr 12, 2008
393
0
The hacker didn't expose a security vulnerability. He simply exploited one that's been around since the iPhone was first jailbroken. You deserve to get hacked if you do not change your root password. This is nothing new.
 

foob

macrumors 6502
Feb 17, 2009
306
0
Get the ssh toggle for SBSettings, change the passwords, or uninstall ssh. Changing the password is the simplest as you won't need a toggle taking up space.
 

jav6454

macrumors P6
Original poster
Nov 14, 2007
16,876
1,532
1 Geostationary Tower Plaza
no, its old news that youre setting yourself up for trouble if you dont change your password when you jailbreak

its been known about since when you could jailbreak all of 2 or so years ago lol
I don't mean the root thingy, that's old, but the hack is new. So this is a warning. It already happen and proof of concept is there.

You know what to do.

Edit - Hacker responds, see post #1
 

ViPa

macrumors 6502a
Dec 4, 2007
505
0
thanks..i think more people should be informed about this..its kind of scary lol
 

bytethese

macrumors 68030
Jun 20, 2007
2,693
99
BossPrefs, turn off SSH. Also change your root password. Never keep default passwords. :)
 

foob

macrumors 6502
Feb 17, 2009
306
0
And hey everyone, this "vulnerability" is simply how ssh works. Go to the first screen in http://cydia.saurik.com/. Scroll down to the OpenSSH how-to and read it. It's not a complete guide to ssh but it's worth a read and it's been right there off the front page of Cydia at least since I got my phone in Feb.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.