Thursday, 5 November 2009

SSH Security issues on Jailbroken iPhones

Jailbreaking ( an iPhone unlocks some very useful features that the iPhone is lacking and gives you the control over your device that you should have in the first place. Just getting access to the xGPS project and it’s turn by turn directions has been more than enough reason for many people to jailbreak a phone.
But as Uncle Ben once told Peter Parker, “With great power comes great responsibility.” Apple locked down the iPhone in part to protect users from the bad guys out there, and if you’re in parts of central Europe with a jailbroken iPhone you may be regretting having a taken your security into your own hands.

A Dutch hacker has started breaking into iPhones that have been jailbroken and left SSH running with the default root password. This enabled the hacker to log into the iPhones and send the owner a message telling them their iPhone is insecure. It goes on to give them a link and asks for 5 euros in order to secure the phone. This has been sighted on a relatively few iPhones so far, but it’s not inconceivable that this exploit could be used on a much wider scale.

This just highlights that the act of jailbreaking your iPhone or hacking any manufacturer’s device places the onus of securing the device back on the owner rather than on the manufacturer.

Once you’ve taken the steps to jailbreak an iPhone you’ve relieved Apple of the security responsibility. It may not take much, but if you’ve done the necessary research to download the tools to free your device, you are also taking on the responsibility of securing the same device. So take the time to do a little more research and figure out what steps you need to take beyond just jailbreaking to secure your iPhone.

No comments:

Post a Comment