How To: Change Your iPhone’s Default SSH Password
4:17 pm, November 9th, 2009, Sayam Aggarwal

If you jailbreak your iPhone, the first thing you ABSOLUTELY MUST DO is change the default filesystem password.
When you jailbreak, the filesystem’s password, which is the password of the root account, is set to the common password “alpine.” Because people usually don’t bother changing this password after jailbreaking, it’s really easy for hackers to get access to any jailbroken iPhone/iPod Touch on a public network.
EDIT: Just confirmed with GeoHot and it seems that at least blackra1n doesn’t install SSH by default, therefore this should not be a problem if you used blackra1n to jailbreak, unless you installed the OpenSSH package from Cydia.
An Australian hacker called Ashley Towns demonstrated this by circulating the first known iPhone worm, known as Ikee, which replaces your lockscreen wallpaper with an image of Rick Astley. Luckily, Towns’s Rickrolling is benign. He wrote the worm to demonstrate how easy it is to break into jailbroken iPhones.
Changing the password is quick and easy; the tutorial below shows how to change the SSH password.
Note: There is no need to follow this guide if you haven’t jailbroken your iPhone/iPod Touch.
Ingredients:
Jailbroken iPhone / iPod Touch
Cydia
MobileTerminal
Here’s how to change the default SSH password after jailbreaking:

1. Make sure you have Cydia installed on your jailbroken device. If you don’t already have MobileTerminal installed, launch Cydia and tap the ‘Search’ tab in the bottom navigation bar.

2. Type ‘MobileTerminal’ in the search field and select the first result. Select ‘Install’ in the top right corner and tap ‘Confirm’ on the next screen. MobileTerminal will now be installed on your device. Then tap ‘Return to Cydia’ and press the Home button.

3. Navigate to the newly installed ‘MobileTerminal’ application and tap to open.

4. In MobileTerminal, type ‘su root’ and tap return. It will ask you for a password; enter ‘alpine’ and tap return again.

5. Now, type ‘passwd’ and then tap return. Type in a new password such as ‘secret’ and tap return. Retype the new password to confirm and then tap return one last time to change the password.

6. Your SSH password is now changed, and your device is protected against attacks that log in over SSH with the default password.
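A check to run after step 5, as an added example that is not part of the original article: the function below lists every login-capable account in a master.passwd-style file whose hash field still equals a given default hash, since passwd changes only the account that runs it. The sample rows, account names and hash strings are constructed placeholders, and the ten-field BSD layout is an assumption about the device's password file.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumed record layout (BSD master.passwd):
#   name:hash:uid:gid:class:change:expire:gecos:home:shell

audit_default_hash() {
    # $1 = password file to audit
    # $2 = hash string that the default password produces (placeholder here)
    _found=""
    while IFS=: read -r _name _hash _uid _gid _class _chg _exp _gecos _home _shell; do
        # Skip blank lines and comments.
        case $_name in ''|'#'*) continue ;; esac
        # Skip accounts that cannot open a shell session.
        case $_shell in ''|*/false|*/nologin) continue ;; esac
        if [ "$_hash" = "$2" ]; then
            _found="$_found $_name"
        fi
    done < "$1"
    # Space-separated account names; empty when nothing matches.
    echo "${_found# }"
}

write_sample() {
    # Constructed sample: root has been changed, a second login account has not.
    cat > "$1" <<'EOF'
# constructed sample of a master.passwd-style file
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:CHANGED-HASH-PLACEHOLDER:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:DEFAULT-HASH-PLACEHOLDER:501:501::0:0:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "still on default hash: $(audit_default_hash "$sample" DEFAULT-HASH-PLACEHOLDER)"
rm -f "$sample"
```

Any name it prints needs its own password change, run as `passwd` followed by that account name while still root.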

Noooooo…
“it’s really easy for hackers to get access to any iPhone/iPod Touch on a public network.”
Any JAILBROKEN iPhone/iPod touch on a public network.
GQB, on November 9th, 2009 at 4:24 pm
@GQB thanks for letting me know
Sayam Aggarwal, on November 9th, 2009 at 4:33 pm
So I’ve heard conflicting reports on this. Is it ANY jailbroken phone that can be accessed or is it any jailbroken phone that has an app like MobileTerminal installed?
I’ve seen on other sites that you’re only vulnerable if you have a SSH app installed.
Neil, on November 9th, 2009 at 4:42 pm
Thanks for the great article.
Can you please clarify in your article, for those like me, who are not fully tech-savvy IS THIS FOR ALL JAILBROKEN/UNLOCKED, OR ONLY PEOPLE THAT MESS WITH SSH?
sbi, on November 9th, 2009 at 6:55 pm
I realize this is going to sound like a really retarded question, but I can’t seem to figure it out otherwise. I bought an iPhone 3GS from Dubai. Cydia’s running and I have “ultrasnow” installed. So does this mean the phone’s unlocked AND jailbroken? .. if so, can I go to iTunes and update the iPhone’s software to 3.1.2 .. I currently have 3.0.? something .. is there any advantage of upgrading? .. I really don’t want to mess up the phone.
Bilal, on November 9th, 2009 at 11:33 pm
@Bilal – If you have Cydia running it is jailbroken. Ultrasn0w is the carrier unlock. So yes, you are both jb and unlocked. You can upgrade to 3.1.2, but use pwnage to create the custom ipsw (this avoids having to redo the break with blackra1n). See http://blog.iphone-dev.org/
Kevin, on November 10th, 2009 at 6:41 am
Just confirmed with GeoHot and it seems that at least blackra1n doesn’t install SSH by default, so this should not be a problem if you used blackra1n to jailbreak, unless you installed the OpenSSH package from Cydia.
Sayam Aggarwal, on November 10th, 2009 at 7:47 am
This was really helpful man, I don’t know what I would do without you!
hrag, on November 10th, 2009 at 8:21 am
great how to! there is no way to mess up with the excellent screen shots.
Michael Fowler, on November 10th, 2009 at 8:35 am
This doesn’t affect you, unless you installed the OpenSSH server using Cydia.
Neither PwnageTool/QuickPwn nor blackra1n make your iPhone vulnerable, because they *don’t* install any SSH services by default.
accolon, on November 10th, 2009 at 9:19 am
Good article. Timely, relevant and well-written.
iGenius, on November 10th, 2009 at 10:17 am
If I change the root password, does this cause any adverse effects with installing App Store apps, or does the phone use ‘root’ to install or do other things on its own? If so, will it recognize the change?
What about the next update? Does any of this matter in regards to the root pwd?
seeloe, on November 10th, 2009 at 5:08 pm
From other sites, it does not sound advisable to; the better option is to use SBSettings, and just toggle SSH off, until YOU’RE actually using it…
seeloe, on November 10th, 2009 at 5:24 pm
Thanks for these instructions – VERY much appreciated
Gaboose, on November 12th, 2009 at 6:45 pm
This sounds strange but after installing terminal and following the instructions I put in “alphine” and it says it’s incorrect? If I used Blackra1n/Cydia do I really need to do this and what else could the password be? I’m using AT&T in the US. Thanks!
John, on November 13th, 2009 at 11:59 am
In SBSettings, in both the ‘Selected’ and ‘Ignored’ toggles, I turned off each SSH. If I change my root passwd, will this create a security hole or is it safe to do so?
Davey, on November 13th, 2009 at 10:01 pm
In SBSettings, I turned off each SSH found in both the ‘Selected’ and ‘Ignored’ toggles. If I change my root passwd, will this create a security hole or is it safe to do so?
Sorry if the question sounds stupid, but I’m a newb in the jailbroken 3G world. Thanks!
Davey, on November 13th, 2009 at 10:03 pm
Also, I forgot to mention that I don’t have OpenSSH installed.
Davey, on November 13th, 2009 at 10:06 pm
“Type in a new password such as ‘secret’” —
Don’t you mean “Type in a _secret_ password”? It’s not going to help much if the phone responds to the obvious second choice.
Bill, on November 20th, 2009 at 7:55 am