Nov 03 2009

Turn off SSH on your jailbroken iPhone!

Jailbreaking an iPhone unlocks some very useful features that the iPhone is lacking and gives you the control over your device that you should have in the first place.  Just getting access to the xGPS project and it’s turn by turn directions has been more than enough reason for my friend Bob to jailbreak his phone multiple times.  But as Uncle Ben once told Peter Parker, “With great power comes great responsibility.”  Apple locked down the iPhone in part to protect users from the bad guys out there and if you’re in the Netherlands with a jailbroken iPhone, you may be regretting having a taken your security into your own hands.

A Dutch hacker has started breaking into iPhones that have been jailbroken and left SSH running with the default root password.  This enabled the hacker to log into the iPhones and send the owner a message telling them their iPhone is insecure.  It goes on to give them a link and asks for 5 euros in order to secure the phone.  This has been sighted on a relatively few iPhones so far, but it’s not inconceivable that this could be weaponized and used on a much wider scale.

This just highlights that the act of jailbreaking your iPhone or hacking any manufacturer’s device places the onus of securing the device back on the owner rather than on the manufacturer.  I have no problem complaining about companies like Time Warner who’ve consistently given their users given their users insecure routers.  The company is supplying and configuring the device, the responsibility (and the power) to secure the routers is theirs and theirs alone.  The user has no ability to make changes and in most cases, probably doesn’t know much more than how to plug the router in and turn it on. 

But once you’ve taken the steps to jailbreak an iPhone or hack your router, you’ve relieved the company of that responsibility.  It may not take much, but if you’ve done the necessary research to download the tools to free your device, you are also taking on the responsibility of securing the same device.  So take the time to do a little more research and figure out what steps you need to take beyond just jailbreaking to secure your iPhone, or whatever device you’re hacking into today.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

One response so far

One Response to “Turn off SSH on your jailbroken iPhone!”

  1. […] mentioned a couple of days ago that once you jailbreak your iPhone, you’ve bypassed many of the security protections Apple put in ….  One of the biggest concerns once you do this is the SSH service running on the iPhone, since […]

Trackback URI | Comments RSS

Leave a Reply

%d bloggers like this: