Secure your Jailbroken iPhone

With the recent buzz about worms and malicious stuff coming in through your own fault for not changing the Root password on your iPhone or… Installing BSD tools/SSH In the first place. It’s easy to see if you’re vulnerable or not.

The first thing to check is if your iPhone is jailbroken. If it’s not you’re safe. If it is, continue.

If your phone is jailbroken. Connect your iPhone to your Wifi network and with a SSH enabled computer, any Mac/Linux machine by default, try to connect to your iPhone.

Simply open a Shell/Terminal and type:

ssh root@tachikoma.local

Obviously replace ‘tachikoma.local’ with the hostname or IP address of your own iPhone.

If you get a reply like this:

ssh: connect to host tachikoma.local port 22: Connection refused

SSH is not allowed and thus disabled. You’re save.

If it however prompts you for a Password or asks you to save a Secret Key. Then SSH is enabled. If you then can login with the password ‘dottie’ or ‘alpine’, you’re vulnerable to the various worms and any idiot on your wifi (or whatever wifi you connect to on the way).

To fix this, simply open the terminal on your iPhone or log in via SSH using the above method and change the password by typing:

passwd

Follow the onscreen instruction to actually change it and restart your iPhone.
That’s all.

On a sidenote: Despite what others say, it is highly recommended that you do not bother with the 3rd party software made available when your iPhone is Jailbroken. This software is considered instable. I’ve seen many iPhones go crazy from all the springboard hacks or software that wasn’t written properly. While it may be an easy fix for the various “flaws” in the iPhone it also can bring a lot of misery along with it.