Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
New Malware Allows Hackers to Access Personal Information on Jailbroken iPhones
- Thread starter MacRumors
- Start date
- Sort by reaction score
I appreciate your comments and I do agree that people don't need to bash people that choose to jailbreak or choose not to jailbreak. It is your device, use it however you like. If that is jailbroken or not, I don't care. It is not your (or my) place to judge the other person's choice.
Now that being said, I do disagree with the above quoted comment. Apple implements the closed architecture to protect their market. They want their 30% of app sales and they want AT&T's (or insert local carrier here) money to stay exclusive. The main reason the phone is locked down is not security, it is money. Apple feels the closed architecture model will maximize their profits. Apple is not primarily looking out for you. They are primarily looking out for their shareholders, as they should.
There are a lot of people in the forum who would benefit if they stopped thinking Apple is some unique company that does what is best for the customer out of the goodness of their heart. They only care about their customers to the extent required to maximize profits and growth for the shareholders - no more, no less. Apple will never do anything that is good for the customer and bad for the shareholder. And they shouldn't. Apple is in this to make money. Just like every other public company. Currently, Apple is just better at making money than other companies. It was
Why is it hard not to? Do you also assume everyone that has a bit torrent client on their Mac steals movies/music? Do you assume everyone that has Handbrake on their Mac is pirating DVDs?
And if you have either of these things on your Mac, what makes you any different from a jailbreaker? Maybe you shouldn't be so quick to judge.
Yup.. Which is fine with me.. I dont intend on Jailbreaking my iPhone. As far as im concerned it doesnt bring any benefits for me.
I know Apple is in this to make dough, but do you seriously think that's the only reason? In my opinion Apple has proven time and time again that it cares about consumer needs greatly. I don't think it would be smart for any, company to only focus on the customer though. If they would like to stick around then they better think about sales, but that can't possibly be their only agenda. If that was their only agenda, then why set themselves apart in so many ways? Why cater to niche markets? And why not sell a bunch of interchangeable garbage so every demographic could just be happy and call it a day? Apples are not pc's for a reason lol. Uh oh . . . here come the stooooooones . . Thanks, thor. I never use it anymore, so I just uninstalled it. If I ever start using it again I'll just install it and then change the root pw again.
If i never installed SSH, is my phone still vulnerable since the default password is still on!?
He's just upset because there's no Cydia app to change the text in the SMS app one pixel higher.
No, if you don't have SSH you're safe.
It is Apple's fiduciary responsibility to make decisions that are in the best interests of the stockholders.
Of course Apple can't ignore the customer completely because then they would not net sell anything. But Apple only caters to the customer to the extent they believe they need to in order to maximize value for the shareholder. That is their duty as a publicly traded company. They "set themselves apart" because they feel that is the best way to maximize shareholder value. They don't sell interchangeable garbage because they don't think that is in the best interests of the shareholders, etc.
And I'd argue they don't cater to niche markets at all. They have a relatively small assortment of products that meet the needs of most people. For example, people here have been screaming about a headless mini-tower for years, but Apple does not make one because they don't think it would be worth the investment (read: they would not make enough money). People here have been complaining about graphics cards the entire time I have been posting on this site. Apple doesn't put better cards in because they think that the sales they would gain from offering better graphics cards would not offset the cost required to put better graphics cards in every single machine.
I am not saying Apple is a bad guy in this regard. It is their duty to act this way. But Apple is not the corporate superhero some here make them out to be. Apple is not inherently good and Microsoft is not inherently evil. They are both doing what they think is best for the stockholders.
What iPhone 62S said. Look at it this way: if SSH isn't installed, the door isn't there for hackers, etc. to try the default key in, even if you haven't yet changed the lock. That's...um...embedded...in the wall. Yeah.
Well I'm not in the US, and the US isn't the only country in the world.
Besides, that's not what matters. No matter what the governments say, it's still common sense not to have stupidly unsecure passwords.
I hate these losers taking credit as if they're hackers or something!!!!
I could have done it if I really wanted to (just I don't like breaking people's iPhones because I'm not a d!ckhead.)
Method...
login: root
password: alpine
most people don't check this. So if you can get them to install your software (thinking it's legit software) then you can do anything... how about just a basic terminal script that says:
rm -r *
It's no secret that if you have somebody's root password then a simple unix command (like the one above) will delete the whole thing.
Damn I shouldn't have said this!!!! The losers who made this "virus" (hardly a dangerous worm or something...) will probably copy my method because they didn't know!!
---
Why is this news? EVERYBODY knew it was possible... but most people aren't interested in breaking people's iPhones.
Most people who jailbreak know a bit more about computers...etc than your average loser, and could probably make apps... FFS not apps... SCRIPTS:
su
alpine
rm -r *
Those 3 lines are enough (I can enter them into your iPhone's terminal if you don't believe me.)
Most jailbroken users are not STUPID enough to download an app called "coolappthatgetsyoulotsofsexandfreebooze" seriously thinking it will give them sex + free booze, only to find out that it really trashes things.
---
This script (I refuse to call it a virus) is already blacklisted on cydia (you need to install a private repo to get it anyway... showing how stupid you'd have to be)... so it's unlikely that any users will be effected because when you try to install it, cydia says "this is malware... are you stupid enough to install it?"
If you say yes then you deserve to have your iPhone's data deleted...
I could have done it if I really wanted to (just I don't like breaking people's iPhones because I'm not a d!ckhead.)
Method...
login: root
password: alpine
most people don't check this. So if you can get them to install your software (thinking it's legit software) then you can do anything... how about just a basic terminal script that says:
rm -r *
It's no secret that if you have somebody's root password then a simple unix command (like the one above) will delete the whole thing.
Damn I shouldn't have said this!!!! The losers who made this "virus" (hardly a dangerous worm or something...) will probably copy my method because they didn't know!!
---
Why is this news? EVERYBODY knew it was possible... but most people aren't interested in breaking people's iPhones.
Most people who jailbreak know a bit more about computers...etc than your average loser, and could probably make apps... FFS not apps... SCRIPTS:
su
alpine
rm -r *
Those 3 lines are enough (I can enter them into your iPhone's terminal if you don't believe me.)
Most jailbroken users are not STUPID enough to download an app called "coolappthatgetsyoulotsofsexandfreebooze" seriously thinking it will give them sex + free booze, only to find out that it really trashes things.
---
This script (I refuse to call it a virus) is already blacklisted on cydia (you need to install a private repo to get it anyway... showing how stupid you'd have to be)... so it's unlikely that any users will be effected because when you try to install it, cydia says "this is malware... are you stupid enough to install it?"
If you say yes then you deserve to have your iPhone's data deleted...
Your analogy sucks.
It would be more appropriate to say it's like complaining that someone stole your car after you left it running in the parking lot... and you're someone who has never used a car before nor understands how it works but some car expert down the street assured you it was okay to leave it parked and running, despite what the car manufacturer has said.
This is the downside of jailbreaking. The people advocating jailbreaking are making it easy enough for people without a technical background to do it and therefore things are being left wide open like that. Go ask the average user what SSH even is and you'll get back a blank stare. And you think it's obvious that people should know better than to leave the default root password in place.
If the jailbreaking community wants to keep their efforts alive and well, they should undertake and effort to educate their group and/or implement the basic safeguards in the process of jailbreaking. It seems irresponsible to do otherwise.
I agree with you to an extent .... True, if you ask the average user what SSH is they will give you the blank stare (I've had a few of these, when asked how i changed my SMS tones
). However, if these users don't know what SSH is, how and why would they install it on their phones.My point is, if you know what SSH is, and then install it on your iPhone (and obviously know how to use it) ... you should know that you need to change the password to keep it secure. If they know this and still don't do it .... I think they deserve to have their iPhones screwed up.
KrayzieKray 
While it is about people who install SSH, the other common factor is that they also jailbreak. When there's a story about a non-jailbreak phone that got the malware, feel free to use this rant.This has nothing to do with jailbreak, it is about users who install SSH and choose to leave the default password for their own convenience. This announcement is designed to scare people like you into not jailbreaking and getting every app for free which sounds like it has
It's called the power of google. Those users with the blank stares only care about the SMS tones. So they google it. They'll follow the directions and won't give a second thought to what program they used to get their SMS tones. In the meanwhile, their phone gets infected and they'll have no idea why.True, if you ask the average user what SSH is they will give you the blank stare (I've had a few of these, when asked how i changed my SMS tones
This is EXACTLY why I did not jailbreak my iPhone when I first bought it over a year ago. Security.
You sound like someone who hasn't ever jailbroken an iPhone. What you're overlooking is that a jailbroken iPhone doesn't come with SSH by default. You have to launch Cydia (which has a menu item on changing your passwords) and then from that install SSH.
Instead of asking the average user what SSH is, a better question may be why did you install it, and how did you manage to ignore the warning to change your passwords?
The frustration here is that hacking of ANY computer via SSH because of a default password, or easy to guess or lookup password is always an issue if you install SSH or like the Mac, already have it installed (but off by default).
And, if security is your primary concern, you do in fact want to jailbreak your iPhone simply so that you can change your root and mobile passwords from the default. Jailbreaking is the only way to do this and it does provide an extra layer of security in this regard.
More reasons to not jailbreak, and if you do, be very careful. Lots of articles popping up online in the past week or so about jailbroken devices being hacked. Go official firmware, you keep the rest of us safe and sound!
YOU are the one who sounds like someone who hasn't ever jailbroken an iPhone. By default, SSHing into your iPhone won't work. Jailbreaking and installing the SSH app allows SSH connections to come through, thus you can SSH to the iPhone's IP address and password 'alpine'. So please, do your research beforehand and know what you are talking about.