Securing Your iPhone Jailbreak

Between the harmless but cautionary Rickrolling worm and the much less friendly iPhone/Privacy.A worm that was able to access personal data without any indication, iPhone jailbreaking has been getting a lot of coverage lately- though not necessarily the kind of coverage the community wants or needs. On top of the recent influx of worms, jailbreakers also have to worry about Apple’s repeated attempts to shut it all down via software and hardware updates, as well as all the usual security issues that any wi-fi enabled mobile device may be susceptible to. To those who have already jailbroken, or are considering making the jump- fear not! Your jailbroken iPhone can be just as, if not even more secure than any stock iPhone. Here are a few tips.

1) Change SSH Default Passwords

This is an absolute must for any jailbreaker who installs SSH on their device. Both the Rickrolling and iPhone/Privacy.A worms permeated by locating jailbroken iPhones over wi-fi and logging in via SSH with a default password. To change your default root and mobile passwords:

•Install Mobile Terminal

If you haven’t already, install the free Mobile Terminal app from the Cydia store.

Open and Login to root

Open Mobile Terminal; at the prompt, type “su” to login to root. Now type the default password, “alpine” (no quotes).

Change the default root password

Once logged in, type “passwd” (the UNIX command to change the password of the current user). Now type the password you wish to change it to (please, anything but “alpine”). Re-type it when prompted. Don’t forget your password!

Change the default mobile password

Now type “passwd mobile” and hit return. Type the old password (again, the default is “alpine”). Type in your new password, and re-type it again when prompted- it can be the same as your root password, just please don’t use “alpine”.

2) Be aware of your surroundings

Just like on your laptop, be aware that when using an unsecured wi-fi access point of unknown origin, there is always a chance (albeit a small one) that some unscrupulous hacker is out there sniffing out the data you are transmitting. You don’t have to be paranoid, but if you’re looking at really sensitive data and you’re not at home, you might want to opt for 3G over wi-fi. In addition to changing your default SSH passwords (you did that already, right?), you should probably also turn off SSH when not in use.

2) Wait to update

If you’ve been a jailbreaker for any amount of time, you probably already know that when Apple releases an iPhone software update, there is a good chance it will negate your jailbreak. That is until the iPhone Dev Team hackers are able to surpass Apple’s new defenses and release a new jailbreak tool. So if you plan on keeping your jailbreak, it might be a good idea to wait a few days after an update to patch your phone.

3) “Lockdown” app

In addition to turning on the built-in Passcode Lock in your system settings, if you’re really serious about protecting your personal data and bombarding yourself with constant password entry, jailbreakers have the option to install the free Lockdown appfrom the Cydia store. Lockdown allows you to either lock all your apps or specify a list so when you (or the sly dog who is using your iPhone) attempt to open an app, you are required to enter a numeric passcode.

4) Know What You’re Downloading

Jailbreaking gives you a whole lot more power over your iPhone. Apps can access areas and features of your phone that Apple would prefer to keep under wraps- sometimes for good reason. Take SSH for example. A lot of users downloaded OpenSSH because who wouldn’t want to access their entire iPhone file system wirelessly? Some people failed to read the included documentation that warned to change the default passwords and left themselves open to attack. So do yourself a favor and make sure you know exactly what that app from Cydia does before you go ahead and install it. Do your research and use common sense- because with great power comes great responsibility.

Follow Mike Keller and GeekTech on Twitter.

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.

Subscribe to the Security Watch Newsletter

Comments