Tuesday, November 3, 2009

Hacked iPhones in the Netherlands

What if your trusted iPhone suddenly demanded 5 euros in exchange for upgraded security?

It's not an April's fool joke, it happened in the Netherlands when someone hacked into a large number of jailbroken iPhones and replaced their background images with a warning message requesting a 5 euro donation for instructions to get it back to its former self.

The security flaw was: most jailbroken iPhone users didn't change the default root password, and that leaves them vulnerable to attack.
Fortunately there are already instructions on how to recover and protect your hacked iPhone.

1. Get an SSH program like putty for windows.
2. SSH to your iPhone. (If you haven't done that before it may take a while, and after that there might come a warning about a key fingerprint. You can just accept that). Login using username "root" and password "alpine". (this is the default password)
3. There's a few commands you have to execute, best is to just copy them:
rm /System/Library/LaunchDaemons/com.apple.syslog.plist
chown mobile /private/var/mobile/Library/LockBackground.jpg
chmod 666 /private/var/mobile/Library/LockBackground.jpg
mv /private/var/mobile/Documents/LockBackground.backup.jpg /private/var/mobile/Library/LockBackground.jpg
4. That's everything to remove my stuff. Now there's one command left to make sure this won't happen again! (-; Again in putty or any ssh client type: "passwd". You'll then be asked for a new password, you can change this into anything you want. The safer the better of course (:

The reason you have to change this password is that it's default is alpine at ALL iPhones. So if anyone knows that (and all hackers do) they can access your iPhone. Now you've changed it this isn't possible anymore!


  1. Great, but does Apple (or AT&T) tell iPhone users that they should change the default password?

    What a great ad this vulnerability would make if other phone manufacturers had more guts:)

  2. @Anonymous

    This has nothing to do with Apple or AT&T, it only affects people who jailbroke their iPhones, so... it's out of the hand of any "official" company.


Related Posts with Thumbnails

Amazon Store