T, FTFY
If iPhones weren't vulnerable, jailbreaking wouldn't be possible in the first place.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
New Malware Allows Hackers to Access Personal Information on Jailbroken iPhones
- Thread starter MacRumors
- Start date
- Sort by reaction score
T, FTFY
If iPhones weren't vulnerable, jailbreaking wouldn't be possible in the first place.
"it's punisment for idiots"
haha..I never got why anyone would even want to jailbreak an iPod Touch..i can MAYBE (emphasis on maybe) get why someone would want to jailbreak their iPhone..but still...
No, that is not correct! Ikee's Rick Rolling worm was SPECIFICALLY written to attack phone's on the same 3G network. Apparently the Australian iPhone service provider leaves port 22 open on the 3G network. Wanna bet they close that real soon, if they haven't already?
I have two 3G iPhones, I was unable to connect via ssh over the 3G network (AT&T) from one to the other. The two iPhones are not on the same ip range for the last two octets, though, so my testing may be incomplete.
I'm far from an expert, though. It would be nice if the "official" jailbreak community investigated this further. Perhaps a Wiki on this specific topic.
Sage advice re SBSettings, but it's a common misconception that running OpenSSH decreases battery life; OpenSSH adds itself to the list of things inetd (which is running whether you have ssh installed or not) listens for. No extra battery drain with that method, or so the jailbreak community insists. Personally, I've noticed no change in iPhone battery life with or without ssh turned on.
I was in a library one day, a little one in a country town. It also had computers people could use for internet, they charged something stupid like £5 a hour to use dial-up via Internet Explorer 5 on a computer with Windows 98 installed. So anyways, I look at the screen and it asks for a username and password. The username was already there, something like "libraryadmin1". I was bored so I typed the username into the password box, almost certain that it wouldn't actually work, but it did! It then asked me how many hours to stay on for, so I typed 9 then hit OK, and that too worked! I then did it on the computer next to me, checked Engadget on one, then left.
Now, who's fault was that? Was it me, for doing the first thing anyone with even a IQ of 50 would do to get into a computer, or was it the fault of the idiots running the place who made the username and password the same damn thing?
It's the same situation here. It's the responsibility of the owner of a device to change their passwords and make them secure.
Now, who's fault was that? Was it me, for doing the first thing anyone with even a IQ of 50 would do to get into a computer, or was it the fault of the idiots running the place who made the username and password the same damn thing?
It's the same situation here. It's the responsibility of the owner of a device to change their passwords and make them secure.
You are safe if you don't have OpenSSH installed. I know you changed your root password, but without SSH you don't even need to do that.
Jailbreaking does not automatically install OpenSSH. You have to download it from Cydia.
Noobs shooting themselves in the foot is bad? What are you smoking?
It DOES NOT affect iPhones that comes directly from Apple
It requires
1. Jailbreak
2. Install SSH
3. Ignore recommendation to change default password
YES. Any person with a jailbroken iPhone who either hasn't installed SSH (most have to transfer files), or who has installed SSH and changed their root password from 'alpine', has immunity from the exploits that have been published thus far.
We have yet to see any sort of more creative exploit in the wild.
Changing the password is the only step necessary to avoid the problems to date.
They really should make the SSH program a real application with a GUI (a simple one albeit) that is terminated when you exit the program, similar to an appstore program. Only advanced users (read: not idiots) should use the background daemon .
It doesn't have to be a complicated app. In fact, all it needs is a message that says SSH on and a set password dialog box.
It doesn't have to be a complicated app. In fact, all it needs is a message that says SSH on and a set password dialog box.
This has nothing to do with jailbreak, it is about users who install SSH and choose to leave the default password for their own convenience. This announcement is designed to scare people like you into not jailbreaking and getting every app for free which sounds like it has
.
This has nothing to do with jailbreak, it is about users who install SSH and choose to leave the default password for their own convenience. This announcement is designed to scare people like you into not jailbreaking and getting every app for free which sounds like it has
Of all the reasons to jailbreak, piracy of App Store developers' hard work (and, in some cases, mediocre work) is the most shameful and least worthy of being touted. I still pay for my apps at least the ones that don't come from Cydia and my iPhone was only non-jailbroken for maybe the first day since I got it.
I wouldn't be surprised if Apple made this to scare people away from jailbreaking, after all they have been as drastic as to try and make jailbreaking illegal, so I wouldn't put it past them.
I just changed the password on my iphone using the tutorial in this thread... When I sign in on my Mac as a localhost it still accepts the old password.?. Anyone?
Is this a real question?
If it was impossible to jailbreak, nobody would jailbreak. Some people would use old phones/versions of the OS. Some people would buy other phones. Some people would complain but still use the iPhone. The number of jailbreak developers would dramatically decrease.
I believe I did using the terminal app. I rebooted and typed su to try the password and it worked on the phone but I can still sign in with the default "alpine".
Thanks