I have a Droid which runs Google’s Android Operating System and have the ability to run applications from any source on my phone. After all I own it, I should be able to do with it what I want. There is however a notice which requires me to acknowledge that I am installing something from an unknown source and accept the associated risk. iPhone users do not have that same functionality. They have to use software provided by developers who provide “Jailbreak” software and usually an associated application to download software from some third party application source.
Enabling SSH is a common procedure for jailbroken iPhones, allowing a user to log in via a Terminal emulator and gives the user\software the ability to run OS level commands. Unfortunately, not all Jailbreak software provides that simple step of changing the default password. iPhones have a default root password which leaves this security hole that people are taking advantage of.
There are some simple steps you can follow to secure this particular vulnerability. Install some terminal emulator on the iPhone to access a command line. Enter “su root” to access root level, enter “alpine” which is your default password. From there change your password using the passwd command. You will be prompted to enter a new password. (Hint: don’t use apline).
I was wondering what the Jailbreak community thinks of their responsibility to the people they provide their software (Jailbreak services) to. Do they currently provide a warning to the user of the software about this potential issue? Should they release a patch which prompts the user to reset their default password? Could this be avoided if Apple would allow 3rd party applications on the iPhone? All software you install has some level of vulnerability but with the proper support from the vendor, I think it could be better managed than it is today for the iPhone.