Thursday, November 05, 2009

How to secure your Jailbroken iPhone. That could be "Hacked" by a kid.

Hi kids, Uncle Drunky with news you can use. For you techies, read to the bottom where I tell you you MUST secure both the mobile *and* the root user on any jailbroken iPhone / iPod Touch, and that no outside connection to the iPhone is needed.

Recently there’s been this thing making the rounds that a bunch of hacked iPhones in turn got “hacked.” Hacked! By some kid who is extorting money for the fix.

Some of you may even remember my rant about Apple crippling the stock iPhone. It *is* Apple’s baby to cripple or, uh, ‘implement’ as they see fit. So we jailbreak. But not without a price.

Ars Technica has the skinny, and calls it for what it is:

Though jailbreaking an iPhone certainly opens up opportunities to add functionality that Apple doesn’t approve of, it can also make an iPhone less secure. Several Dutch iPhone users found that out the hard way after a hacker attacked a number of vulnerable phones on T-mobile Netherlands and tried to extort €5 from them.

[From Dutch hacker holds jailbroken iPhones “hostage” for €5 (Updated) - Ars Technica]

Kids, listen to Uncle Drunky. Do not jailbreak your iPhone unless you really know what you’re doing.

And DO NOT pay someone else to do it! Or any of those shyster sites!

Now for the translation. You know how you have to set up a Wireless router and have to change the default passwords? If you don’t, then some ‘hacker’ (note the quotes) drives by and steals your wireless?

That’s what this kid did. Charged a bunch of yobs who left their iPhones ‘open’ a stupid tax.

The Ars article doesn’t go into how to change the password, but the kid who did the original hack not only apologized [Dutch language] but posted the instructions himself. Seriously folks. READ his instructions and at the very least do that to secure your jailbroken iPhone. To that I add that you MUST secure not just the root user but user ‘mobile’ as well.

This can be done RIGHT NOW from your jailbroken iPhone in the field.

What you need to do is install MobileTerminal and ‘passwd’ from Cydia. No Mac or PC needed:

0/ Make sure that you have a jailbroken iPhone / Touch and are not just being hysterical.

1/ Search for ‘Terminal’ in Cydia and install.

2/ Search for ‘passwd’ in Cydia and install if needed.

3/ Run MobileTerminal and issue the following commands:

At the first prompt, type:


It’ll say ‘changing password for user mobile’ — so change it to what you want and verify. Then type:

su root

Hit return and then type type the password alpine to get in. Then type:


..and change the root password. Do so for BOTH USERS to secure your iPhone. To get out of Terminal just type exit or quit the App.

Welcome to my world, children…

Note to the techies out there. You MUST secure both users ‘mobile’ and ‘root’ as BOTH USERS can ssh in. Meaning you secured ‘root’ but some yob can steal files out of your mobile directory. And while they’re stealing your files your phone slows to a crawl. Nice, eh?

When you run MobileTerminal you start out as user mobile [the default user] first. ‘su’ is ‘switch user’ to root, the superuser / admin of the iPhone. Just like Mac OSX exc

No comments: