iPhone Question about security

Discussion in 'Jailbreaks and iOS Hacks' started by gman901, Jan 25, 2015.

  1. gman901 macrumors 6502a

    Joined:
    Sep 1, 2007
    Location:
    Houston, TX
    #1
    I have read some posts about whether I should change the root password or not. I do not have OpenSSH installed but I have been using ifunbox to transfer files. Should I still change the root password?
     
  2. MacManiac76 macrumors 65816

    MacManiac76

    Joined:
    Apr 21, 2007
    Location:
    Arizona
    #2
    Question about security

    You should always change both the root and mobile user passwords. You can download MTerminal from Cydia and do it right on the device.
     
  3. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
  4. gman901 thread starter macrumors 6502a

    Joined:
    Sep 1, 2007
    Location:
    Houston, TX
    #4
    Okay, I'll do that now! Thanks for the advice.

    ----------

    I installed Mobile terminal but it keeps crashing. I'm on 8.2 on the iPhone 6 plus.
     
  5. HKZ/MST3K macrumors regular

    Joined:
    May 6, 2011
    #5
    If you don't have openSSH installed then you're fine. Without that installed then you can't access the device remotely through wifi and if they gain physical access to the device it won't matter either. Unless you install openSSH there's no reason to bother changing them.
     
  6. gman901 thread starter macrumors 6502a

    Joined:
    Sep 1, 2007
    Location:
    Houston, TX
    #6
    That's really good to know as well. I found a terminal program that works with the 6 Plus and went ahead and changed both passwords even though I don't have openssh installed. I figured it won't hurt either.
     
  7. eyoungren macrumors P6

    eyoungren

    Joined:
    Aug 31, 2011
    Location:
    Phoenix • 85037
    #7
    That's what I thought. There's no way in if you never install openSSH to begin with right?
     
  8. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #8
    Even without having SSH installed, it is still a very good preventive measure to change both of the passwords. In the even one downloads something that ends up being malicious, it won't be able to cause too much damage as it won't be able to elevate itself by using the standard password that has been the same since iOS 1.1.
     
  9. eelw macrumors 6502a

    eelw

    Joined:
    Sep 19, 2012
    #9
    Also if you never use an untrusted network, less worries.
     
  10. HKZ/MST3K macrumors regular

    Joined:
    May 6, 2011
    #10
    Nope. There's no reason to change the passwords if you have not installed openSSH. The attack vector doesn't exist without that being installed. I've been jailbreaking since it first started in 2011 and without installing openSSH there's no reason whatsoever to change the alpine password because you can't access that vector without it being installed. I remember way back when that a guy was able to hit that vector through the carrier and was changing people wallpapers or something and everyone in the jailbreak scene and the people that were against were running around like a chicken with their heads cut off over it. Without openSSH being installed it was impossible to do that, and through USA carriers you couldn't do it either because you can't access that part of the phone through the IP address or whatever it is that your carrier gives you for your data. People latched onto it without having any clue what they were talking about and it did real damage to the jailbreak scene because ignorance trumped education. It was low hanging fruit and people bit on and didn't let go.

    ----------

    That's not true. Malicious software doesn't need that level of access to wreak havoc. OpenSSH is only there to access your device remotely through wifi. I don't know who told you that or where you got it from but it's completely false. There's no reason to change either if you don't install OpenSSH because apps don't need to.
     
  11. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #11
    Jailbreaking has been around since 2007, not 2011, and way back then OpenSSH wasn't used, it was Dropbear SSH. Changing both the root and the mobile passwords, even without SSH installed, is still a very good idea. It prevent locally executed malicious scripts and applications from elevating to root permissions without user consent. There are some many ways that a malicious executable can cause havoc on a default password iOS device. All it takes is a crafty malicious developer to put something on Cydia that has an SSH binary in it and have it reverse SSH into a server of their choosing. Thus, creating a simple, yet effective, botnet. You're turning a blind eye to the possibilities and potentials of malicious iOS applications and packages.
     

Share This Page