My iPhone is jailbroken - is it insecure?

by Jason Clarke (RSS feed) Nov 26th 2009 at 11:00AM

Hacked iPhone There has been a lot of attention given to some recent iPhone hacks that potentially affect users of jailbroken iPhones, especially now that a malicious attack has been discovered. If you've jailbroken your phone, and you are worried about whether you are potentially vulnerable, here's a simple answer:

If you have not installed OpenSSH (or any other SSH package), you are not vulnerable to the current attacks.

To check this, go into the Cydia installer app on your jailbroken iPhone, tap the Manage button, tap the Packages button, and scroll alphabetically through the list of installed packages looking for OpenSSH. If it's not there, you're good, you can relax. If you're using an alternative installer like Rock the steps will be much the same.

If OpenSSH is there, you can follow this guide from our friends over at TUAW to change your iPhone's root and mobile passwords.

Tags: hacks, iphone, jailbr, jailbreak, malicious attack, MaliciousAttack, openssh, passwords

iPhone / Android Developer

Bump Technologies, Inc. - Mountain View, CA (2 weeks ago)

See More Relevant Jobs ›

Reader Comments (Page 1 of 1)

Evenio said 11:47AM on 11-26-2009

Kudos for posting this bit of anti-FUD goodness!

blaszta said 2:41PM on 11-26-2009

If you jailbreak your iphone and install SSH, also install SBSettings. It will provide you quick access to disable and enable SSH service/daemon.

Also as best practice, replace the default root password (alpine) using command "passwd" in terminal (if you don't have it, you can also install it from Cydia).

Please keep in mind that if you forgot your new root password, the only way to SSH back to your iPhone is by restoring it using default/custom firmware

Add your comments

Your comments:

Remember me

E-Mail me when someone replies to this comment

Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.

When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.

To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.

Featured Time Waster

Level Up! A platform-hopping RPG Time-Waster

I don't know if this is a labor of love or merely the brainchild of four very gifted games designers, but Level Up is a really weird mash-up of gaming elements that you have probably never seen in a Flash game before. Let's start with the premise itself: Groundhog Day meets Memento. The game experience revolves around 'days': you explore the world and the clock slowly ticks towards the evening. You bounce around picking up gems and talking to the denizens of 'Level Upland'. Eventually you feel tired and head back to ...

View more Time Wasters

Latest Jobs from Download Squad Jobs

Post a Job

Download Squad bloggers (30 days)

#	Blogger	Posts	Cmts
1	Jay Hathaway	82	8
2	Jason Clarke	75	6
3	Lee Mathews	72	20
4	Sebastian Anthony	57	179
5	Brad Linder	26	2
6	John Burke	21	4
7	Erez Zukerman	16	8
8	Shane Kempton	7	0
9	Dolores Parker	3	3
10	Nik Fletcher	1	0
11	Matt Heerema	1	0
12	Donald Dale Milne	1	0

More Tech Coverage

Control Shift It's all about the experience
Download Squad on Facebook Our official Facebook page!
Somewhat Frank Perspectives on tech as it fuses in everyday life
Switched Gadgets, web news and commentary
Urlesque Exposing bits of the web