SSH Jailbreak security

[DerekRod]

Can someone hack into/SSH into my iPhone without openssh installed?

 

[rick snagwell]

Can someone hack into/SSH into my iPhone without openssh installed?

nope

 

[Intell]

Yes, but physical access is needed first and SSH does not have to be used when physical access is obtained.

 

[DerekRod]

Okay so if that person didn't have my phone they can't get into it there'd be no way.Is there anyway to prevent unauthorized access to my phone?

 

[Intell]

Don't let it leave your site. Also keep your iOS firmware up to date. A skilled hacker could use a vulnerability to get into your system. Examples of such a vulnerability include the jailbreakme jailbreaks.

 

[NanoNyrd]

Have a passcode set, and set it to wipe the phone after 10 failed login attempts. With a passcode set you can only access the phone from a computer that has previously accessed it, on any newer computer you need to give the passcode. A very skilled hacker can probably get in through DFU mode, but ordinary mortals cannot - and no available tool will bypass it, as far as I know.

----------

Oh, and SSH is pretty safe, as long as you remember to set roots password and mobiles password. But remember, if you restore and rejailbreak the phone, they are both set back to "alpine", even if you read in from backup.

 

[Intell]

It's actually very easy to get into an iPhone via DFU mode. Just click a button and open up a SSH client. http://msftguy.blogspot.com/2012/01/automatic-ssh-ramdisk-creation-and.html

 

[jailwut wunnow]

If you're on the same wifi network and you haven't changed the SSH password from alpine, then yes someone could easily SSH into your phone. They have to figure out what your current ip on that netwrok would be, but I'm sure it wouldn't take long to discover it. One of the first things I do after a jailbreak and installing OpenSSh is change the root and mobile passwords.

There are plenty of tut's on how to do it using mobile terminal or terminal on your mac. (I've never done it with a pc.)

 

[DerekRod]

my iPhone doesn't have OpenSSH installed so SSH-ing into my phone isn't possible?

 

[Intell]

my iPhone doesn't have OpenSSH installed so SSH-ing into my phone isn't possible?

If you don't have it installed, then they can't get into your phone via a network.

 

[jailwut wunnow]

....without openssh installed?

I misread "without" as "with openssh".

 

[hackthatphone]

Just leave your phone bricked at all times. "Unbrick" it (whatever the hell that means - ask the thousands on here who have done it) when you need to use it.

Mmm bricks.....

 

[h4zhCr4k3r]

this video demonstrates how someone can use ssh to access and iOS device that has been jailbroken and crack the hash.

It's critical to change the root and mobile passwords in the master.passwd file or use ssh and the passwd command.

http://www.youtube.com/watch?v=1z8jnr9Vxao&context=C44a3ea2ADvjVQa1PpcFNme4WSHTrBexL2WduDf8PTM8dYbzINr_U=

 

[DerekRod]

If you don't have it installed, then they can't get into your phone via a network.

Excellent thanks man