Researchers Demonstrate Vulnerability Allowing Theft of iPhone Passwords

[munkery]

Thanks for that. Bascially what I want to know: if I don't have SSH running, is there any point in changing my passwords for root and mobile?

Given that jailbreaking turns off code signing, changing the passwords can only help. Being able to change the passwords would benefit non JB iPhones as well. But, your Apple ID serves some of the functions (very limited) of the user password given the context of it's use in the iPhone and code signing.

I.e, is a JB iPhone with SSH off and passwords changed, any more or less secure than a non JB iPhone?

Jailbroken iPhones are less secure. JB iPhone apps run with root privileges such that the apps can write anywhere in the system. Non JB apps run with restricted privileges and are sandboxed. Apps running with elevated privileges are more susceptible to viruses and worms. SSH (remote login shell) is not the only shell. Non code signed apps are more likely to be Trojans so you have to be careful to install only from reliable and trusted sources.

 

[42streetsdown]

this is a lot like running a linux live disk on a computer to bypass passwords and get access to data

 

[munkery]

this is a lot like running a linux live disk on a computer to bypass passwords and get access to data

Is it? Does this method of using a linux live disk bypass the permissions of the OS?

I know this works well when the system you are recovering files from is Windows and the account is not password protected (accounts are not password protected by default). Does it work equally as well when the account is password protected?

If I remember correctly, you need to know an account password from the system you are recovering files from in bsd, linux, and OS X in order to recover the files. Accounts prompt to be password protected by default in these OSs (all OSs should do this).

The last time I did this was not that recent so I may not be remembering correctly.