Over the past week there has been a lot of news over unsecured SSH on iPhone. First about the Dutch hacker who wasscanning the network for jailbroken users who had not changed their default SSH password. Now a hacker who goes by the name of “ikee” from Australia, created a worm that changes the home screen background to Rick Astley.
As I’m sure your aware by now this only affects users who have jailbroken their phone and installed OpenSSH, not just general users or who have jailbroken their device. If you have jailbroken your device and have got OpenSSH installed please read this guide on how to change your default password to ensure none of these worms or hacks will affect you.
ikee says this is how the worm spread: “The code itself is set to firstly scan the 3G IP range the phone is on, then Optus/Vodafone/Telstra’s IP Ranges (I think the reason Optus got hit so hard is because the other 2 are NAT’d) then a random 20 IP ranges. I’m guessing a few phones hit a range that another vulnerable phone was on.”
Once one phone is infected it searches for phones with the default password and then begins the process again.
Dutch Hacker Hack’s Into Jailbroken iPhone’s
How To: Change Your iPhone’s SSH Password
After today’s announcement from Telefonica Europe that O2 will unlock their iPhones to every network once the iPhone is released on other networks means that perhaps other countries will have to follow suit and therefore perhaps the end of hacking to unlock the iPhone. Blacksn0w is the latest unlocking tool from GeoHot which unlocks the latest baseband, however I’m wondering as if to how they will roll out the unlock, either by a carrier update or software update I assume. But if so it won’t take a hacker too long to work out how it’s being unlocked and simply apply it to other phones making it harder for Apple to play the cat and mouse game.
The CEO stated that iPhones will be unlocked once the contract is up, but on Pay As You Go there is no contract so surly they should be sold unlocked, however the way it was started it seems that you have to go to get it unlocked and it won’t just be rolled out. And although I’m going to keep using O2 if they roll this out I’m going to unlock my 8GB iPhone 3G before I sell it to upgrade to a 3GS. Hopefully the rest of the world follows suit and the iPhone becomes a network free device.
GeoHot has released the latest unlock for the iPhone 3G and iPhone 3GS. The unlock is for the latest 05.11.07 basband which comes with the new update (3.1.2). The unlock comes with tethering enabled to boot. To get blacksn0w simply add the blacksn0w repo blackra1n.com.