If you jailbreak your iPhone, the first thing you ABSOLUTELY MUST DO is change the default filesystem password.
When you jailbreak, the filesystem’s password is set to the common password “alpine.” As people usually don’t bother changing this password after performing a jailbreak, it’s really easy for hackers to get access to any jailbroken iPhone/iPod Touch on a public network.
EDIT: Just confirmed with GeoHot and it seems that at least blackra1n doesn’t install SSH by default, therefore this should not be a problem if you used blackra1n to jailbreak, unless you installed the OpenSSH package from Cydia.
An Australian hacker called Ashley Towns demonstrated this by circulating the first known iPhone worm, known as Ikee, which replaces your lockscreen wallpaper with an image of Rick Astley. Luckily Towns's Rickrolling is benign. He wrote the worm to demonstrate how easy it is to break into jailbroken iPhones.
Changing the password is quick and easy — after the jump is a tutorial showing how to change the SSH password.
Note: There is no need to follow this guide if you haven’t jailbroken your iPhone/iPod Touch.
Jailbroken iPhone / iPod Touch
Here’s how to change the default SSH password after jailbreaking:
1. Make sure you have Cydia installed on your jailbroken device. If you don’t already have MobileTerminal installed, launch Cydia and tap the ‘Search’ tab in the bottom navigation bar.
2. Type ‘MobileTerminal’ in the search field and select the first result. Select ‘Install’ in the top right corner and tap ‘Confirm’ on the next screen. MobileTerminal will now be installed on your device. Then tap ‘Return to Cydia’ and tap the home button.
3. Navigate to the newly installed ‘MobileTerminal’ application and tap to open.
4. In MobileTerminal, type ‘su root’ and tap return. It will ask you for a password, enter ‘alpine’ and tap return again.
5. Now, type ‘passwd’ and then tap return. Type in a new password such as ‘secret’ and tap return. Retype the new password to confirm and then tap return one last time to change the password.
6. Now, your SSH password will be changed and your device will be protected against any future hacks that use SSH to access your device.
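To confirm that steps 4 and 5 took effect, the added example below (not part of the original post) lists every account whose password hash still equals the jailbreak default. It assumes the accounts are stored in /etc/master.passwd, that DEFAULT_HASH is the widely published crypt hash of ‘alpine’, and that a second login account such as ‘mobile’ may share it; the sample data is constructed.

```shell
#!/bin/sh
# Added example: find accounts that still carry the default jailbreak password.
# Assumption: DEFAULT_HASH is the widely published DES crypt hash of "alpine";
# compare it with the hash field in your own device's file before relying on it.
DEFAULT_HASH='/smx7MYTQIi2M'

# Read master.passwd-format lines on stdin and print the name of every
# account whose hash (2nd colon-separated field) equals DEFAULT_HASH.
default_pw_accounts() {
    while IFS=: read -r name hash rest; do
        case "$name" in
            ''|'#'*) continue ;;          # skip blank lines and comments
        esac
        if [ "$hash" = "$DEFAULT_HASH" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample (not taken from a real device): root has already been
# changed, mobile is still on the default, nobody is locked with "*".
sample_master_passwd() {
    cat <<'EOF'
# constructed sample in master.passwd layout
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:CONSTRUCTED00:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
}

# With a readable file argument (e.g. /etc/master.passwd, as root) audit it;
# otherwise run on the constructed sample.
if [ -f "${1:-}" ]; then
    default_pw_accounts < "$1"
else
    sample_master_passwd | default_pw_accounts
fi
```

For any account it prints, run ‘passwd’ for that account (for example ‘passwd mobile’ as root) and then run the check again until it prints nothing.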