| I wrote in another article about the "Ikee" worm | | | | On the iPhone: |
| attacking jailbroken unaltered root password iPhones. | | | | The app to use on the iPhone is called MobileTerminal |
| It is obvious this is only the first in a series of | | | | and it’s available for free in the Cydia store. |
| attacks to be launched against these popular cell | | | | Once you have MobileTerminal installed, launch it and |
| phones. | | | | you should see a prompt saying this or |
| Apple iPhone is nothing but a small mini computer with | | | | similar:iPhoneName: ~ Mobile$ |
| a phone in it. This makes it voulnerable to attacks | | | | - At that prompt, type: passwd |
| from malicious software makers. | | | | - You’ll be prompted for the ‘old’ |
| The "Ikee" worm creater put the source code open | | | | (current) password for the mobile user. Enter this |
| on the internet for others to explore and to exploit | | | | as the old password: alpine |
| as a starting point for more sophisticated worms and | | | | - You’ll then be prompted to enter the new |
| viruses to be used against the iPhone. | | | | password – so just type in your desired new |
| First you will need to download the Mobileterminal | | | | password. Use good password principles if possible |
| software; | | | | (long and stong). You will not see characters |
| This is a distribution software for Unix software for | | | | appearing on the screen as you type – |
| iPhone OS 3. The software is written by Allen Porter. | | | | that’s normal, not a concern. |
| Then you install this software and connect your | | | | - You’ll then be prompted to re-enter the new |
| iPhone to the PC and start the process of changing | | | | password. Do that. |
| the root password according to these instructions; | | | | - You should then be returned to the Mobile$ prompt |
| Here is a little bit more information to help you | | | | that you started on when opening the MobileTerminal |
| protect your iphone to hacks. | | | | app. There’s no success message to say the |
| A Dutch hacker demoed this week of how easy it is | | | | password was changed – but if you’re |
| to gain access to an iPhone when it is jailbroken, | | | | returned to the prompt and do not get an error, the |
| running the SSH service, and has not had its default | | | | change was successful. And you’re done with |
| admin-level passwords changed. | | | | change for the mobile account. |
| These stories were a great reminder that we should | | | | - The second primary admin account for the iPhone is |
| all make a habit of changing the default passwords | | | | called root – so now you need to change that as |
| for the iPhone’s two primary admin accounts | | | | well. |
| (usernames mobile and root) – as once | | | | - Type this to switch to the root user: login root |
| somebody gains root level access to an iPhone, all | | | | - You’ll be prompted for the root user’s |
| sorts of bad things can happen. | | | | current password. Enter this: alpine |
| Read on for some easy instructions on how to | | | | - Type this to start the password change routine |
| change your default passwords on the iPhone … | | | | again: passwd |
| How To Change The iPhone’s Default Admin | | | | - Enter the old password for root (it is |
| Account Passwords: | | | | ‘alpine’, same as for the mobile user) and |
| *** These instructions assume you are running | | | | enter your desired new password twice, just as you |
| iPhone OS 3.0 or above on your device – other | | | | did for the mobile account |
| firmware versions may vary in their default | | | | Done. |
| passwords. You also, of course, need to be | | | | You should now have been able to change the |
| jailbroken, and running the SSH service if you wish to | | | | password and your iPhone should be protected |
| use one of the methods that connect to the iPhone | | | | against at least 4 different variations of the "Ikee" |
| via a PC to make the changes. | | | | worm launced during the last week. |
| You can use applications on the iPhone itself or on | | | | However, you are not protected against any new |
| your PC to make these password changes. Please | | | | variations of the worm or new types, so you are |
| note – you only need to use one of these | | | | encouraged to follow closely on the internet security |
| methods, not all three. | | | | web pages to see any new development of virus |
| Here are three walk-throughs for three common | | | | and worm attacks on your iphone. |
| apps on iPhone, Mac, and PC: | | | | |