SSH, security and root passwords...

Discussion in 'Jailbreaks and iOS Hacks' started by rkb, Oct 28, 2010.

  1. rkb macrumors member

    Joined:
    Jun 22, 2010
    #1
    New to my JB iPhone and have read that open SSH is a security risk unless the root password is changed. How common is it for a device to be hacked into by the passwords remaining as "alpine"?

    If I go to SBSsettings and toggle SSH to off I assume the security risk no longer exists. As I don't currently wirelessly link my phone to my Mac I plan to simply leave SSH to off. Will this action effect apps such as MyWi?

    The current method listed to change the root password is by installing Mobile Terminal, this app must not be updated to 4.1 as it crashes. I can get a Terminal app from another source but has been reported that the source is pirated apps and I should not support them (xsellize). Is there another legit app for accessing the terminal?

    But, if my SSH is toggled off in SBS settings than the need to change the root/mobile passwords is non existent- correct?

    Finally, if I do indeed follow the easy steps to change root/mobile passwords will they go back to alpine when/if the phone is restored?


    Thanx
    R
     
  2. maturola macrumors 68040

    maturola

    Joined:
    Oct 29, 2007
    Location:
    Atlanta, GA
    #2
    Leaving you password as default is like leaving your house with the Keys still at the door. (nothing may happen, but someone may get in and they don't need much to do it).

    It is always best practice to change this password, if you disable SSH part of the Thread is gone but not all, if the attacked get access to your phone using other means, it will have root access immediately (since it knows the password), also Applications can do harmfull thing without your knowing (since they can scale to root without asking you).

    We don't know what holes iOS have, Apple work hard to find them and them after that the JB community work even harder to find this holes, but sometime someone with not good intentions may find this holes and do bad things. This is nature of software, there is not really much anyone can do but to rise the bar so high that it won't worth all the trouble (changing your root password is a start).

    Turning off SSH will not affect apps like MyWi

    You can also change your pasword using a SSH client, Terminal on Mac or Putty on Windows will do just fine.

    Also note that I haven't really installed openSSH on my personal iPhone for a long time, All my files exchange I do using iFile and apps like iPhone Explorer, PhoneDisk or iDisk (paid), no need for SSH unless you want to run commands (which i don't on my personal phone, now on my developers phones that is another thing) However changing the Root password is still VERY necessary even if you don't have OpenSSH install.

    Hope it help!
     
  3. scirica macrumors 68020

    scirica

    Joined:
    May 13, 2008
    Location:
    Dallas, TX
    #3
    Google "mobile terminal 426" and find a place to download the deb file for a version of Terminal that works perfectly on 4.x. I got mine off "funkeyspacemonkey" and it was a good download. Use iFile or another method to install and you're golden.

    I believe you can also get that version of MT by adding the Xsellize repo, but I'm not a big fan of those guys.
     
  4. rkb thread starter macrumors member

    Joined:
    Jun 22, 2010
    #4
    Thanks all! I'll change the passwords straight away..
     
  5. rkb thread starter macrumors member

    Joined:
    Jun 22, 2010
    #5
    ok, got it all changed. For the newbs like me just what nasty stuff could someone do if they accessed the unit? Other than mining data....or that Ikee worm.
     
  6. jayhawk11 macrumors 6502a

    jayhawk11

    Joined:
    Oct 19, 2007
    #6
    Realistically just about anything they want. Root access is a very, very powerful tool. You can install apps, download files and completely wreck your phone in general.
     

Share This Page