Tuesday, July 22, 2008

Possibilities for an iPhone zombie network?

I submitted this to Security.nl, but since that site is in Dutch, here's an English version.

This weekend, the iPhone Devteam released a new version of their iPhone/iPod unlock tool. This version can jailbreak version 2.0 of the iPhone software. Although you cannot use it to unlock your iPhone 3G (yet), there's little doubt many people will jailbreak their iPhone with it in order to install 3rd party apps. Jailbreaking your iPhone installs Cydia on your iPhone, allowing you to install 3rd party apps easily.

One of the apps 'featured' in Cydia is OpenSSH. It's a great way of accessing your iPhone (via SSH, of course). What's not so great is that your iPhone comes with two users who have a generic password. For the root user, the password is alpine. The password for the user named mobile is not yet known, but that probably won't take long.

The Cydia tool explains how to use Wi-Fi to connect to your phone, and it does warn you that you may want to change your root password. But it forgets that your iPhone can also be reached over the 3G/radio interface. At least here in the Netherlands, iPhone 3Gs get a routed IP address, allowing you (or anyone else) to SSH into your iPhone 3G as soon as you install OpenSSH.

That combination is bad, of course: there will soon be a lot of people who jailbreak their iPhone (perhaps to unlock it, when this becomes possible) and install OpenSSH, perhaps without even knowing what to do with it.

So as long as those people aren't changing their root password (or when the mobile user password is found), chances are a bunch of them will be hit by autorooters searching the internet for vulnerable iPhones. And those aren't that hard to find.

Update 2008-07-23: As rinke points out at iPhoneclub.nl, the password for user mobile is also alpine. :-/
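
A local audit of the exposure described above, added here as an example and not part of the original post: it reports which interfaces hold a routed address that sshd is listening on. The interface names (en0 for Wi-Fi, pdp_ip0 for cellular), the sample addresses and the config snippets are constructed assumptions, and only IPv4 is handled.

```python
import ipaddress

# Ranges that are not reachable from the internet at large.
NON_ROUTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",                                   # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16")]                  # loopback, link-local

# Constructed sample data. 198.51.100.77 is a documentation address that
# stands in for the routed IP a carrier hands to the cellular interface.
SAMPLE_INTERFACES = {"lo0": "127.0.0.1", "en0": "192.168.1.23",
                     "pdp_ip0": "198.51.100.77"}
DEFAULT_CONFIG = "#ListenAddress 0.0.0.0\nPermitRootLogin yes\n"
WIFI_ONLY_CONFIG = "ListenAddress 192.168.1.23\nPermitRootLogin yes\n"

def listen_addresses(sshd_config):
    """IPv4 addresses sshd binds to; with no ListenAddress it binds to all."""
    seen, found = False, []
    for line in sshd_config.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "listenaddress":
            seen = True
            try:
                found.append(ipaddress.IPv4Address(parts[1].split(":")[0]))
            except ValueError:
                pass  # IPv6 or hostname: out of scope for this sketch
    return found if seen else [ipaddress.IPv4Address("0.0.0.0")]

def exposed_interfaces(interfaces, sshd_config):
    """Names of interfaces where sshd answers on an internet-routed address."""
    listen = listen_addresses(sshd_config)
    wildcard = ipaddress.IPv4Address("0.0.0.0") in listen
    exposed = []
    for name, addr in interfaces.items():
        ip = ipaddress.IPv4Address(addr)
        routed = not any(ip in net for net in NON_ROUTED)
        if routed and (wildcard or ip in listen):
            exposed.append(name)
    return exposed

if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT_CONFIG), ("wifi-only", WIFI_ONLY_CONFIG)):
        print(label, exposed_interfaces(SAMPLE_INTERFACES, cfg))
```

With the default configuration the cellular interface is reported; it is not reported when sshd is bound to the Wi-Fi address or when the carrier assigns a private address.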

1 comment:

Maarten said...

I can only say, I told you so...