Slashdot Mirror

← Back to Stories (view on slashdot.org)

iPhone Root Password Hacked in Three Days

Posted by ryuzaki0 on from the not-that-it-will-do-anybody-any-good dept.

unPlugged-2.0 writes "An Australian developer blog writes that the iPhone root password has already been cracked. The story outlines the procedure but doesn't give the actual password. According to the story: 'The information came from an an official Apple iPhone restore image. The archive contains two .dmg disk images: a password encrypted system image and an unencrypted user image. By delving into the unencrypted image inquisitive hackers were able to discover that all iPhones ship with predefined passwords to the accounts 'mobile' and 'root', the last of which being the name of the privileged administration account on UNIX based systems.' Though interesting, it doesn't seem as though the password is good for anything. The article theorizes it may be left over from development work, or could have been included to create a 'false trail' for hackers."

11 of 311 comments (clear)

  1. Passwords by Anonymous Coward · · Score: 3, Informative

    The password for root is "alpine"
    The "mobile" user accounts password is "dottie"

    1. Re:Passwords by antiNeo2000 · · Score: 5, Informative

      You've got it backwards. The root password is "dottie" and the mobile password is "alpine".

  2. Netinfo? by Anonymous Coward · · Score: 5, Informative

    I know I'm just an AC - so this will get modded waaaaaay down, but:

    This isn't the password for the running account - you'd have to boot the phone into single-user mode. The running passwords would be stored in Netinfo.

    This is going to turn into a lot of FUD....

    1. Re:Netinfo? by Anonymous Coward · · Score: 2, Informative

      Here's a good description of how and where passwords are stored in OS X using netinfo

      http://www.dribin.org/dave/blog/archives/2006/04/2 8/os_x_passwords_2/ ....seriously - this is an issue - but even if there was a terminal app right on the main screen of the darn phone - they still couldn't log in with it. ....THEY NEED TO GET INTO NETINFO!

  3. Re:Why this won't do any good by Random832 · · Score: 2, Informative

    I think it was intended as a subtle dig at the usability of the iPhone "keyboard".

    --
    We've secretly replaced Slashdot with new Folgers Crystals - let's see if it notices.
  4. Re:Prediction... by owsla · · Score: 2, Informative

    Indeed, NetInfo is probably in place since the complete /etc/passwd has a comment suggesting such at the top:

    # User Database
    # Note that this file is consulted when the system is running in single-user
    # mode. At other times this information is handled by lookupd. By default,
    # lookupd gets information from NetInfo, so this file will not be consulted
    # unless you have changed lookupd's configuration.
    nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
    root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
    mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh
    daemon:*:1:1::0:0:System Services:/var/root:XUU7aqfpey51o
    unknown:*:99:99::0:0:Unknown User:/var/empty:/usr/bin/false

  5. from full-disclosure by shivan · · Score: 3, Informative

    Re: [Full-disclosure] iPhone Security Settings

    From: Erik Tews (e_tewscdc.informatik.tu-darmstadt.de)
    Date: Sun Jul 01 2007 - 17:20:37 CDT

        * Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Am Montag, den 02.07.2007, 00:07 +0200 schrieb Fabio Pietrosanti (naif):
    > There are a couple of user with their password:
    >
    > root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
    > mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh
    >
    > Does someone have some time to arrange a quick john session (should be
    > quick)?

    Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS])
    alpine (mobile)
    dottie (root)
    guesses: 2 time: 0:00:00:16 (3) c/s: 551883 trying: royour - b1o2w8

    Yes, it was quick

  6. Re:Law-abiding guarantee or wishful thinking? by Marton · · Score: 2, Informative

    No there isn't. Carriers in the EU have been typically too small to try and claim exclusivity in the first place. With Vodaphone and T-Mobile that's changed recently, but Nokia is still doing its best to maintain its brand and the carrier-independence of their products. They've been - fairly successfully - doing the same in the US as well. The iPhone precedent sure isn't helping their cause though.

  7. "dottie" & "alpine" by circusboy · · Score: 2, Informative

    there was a story about this yesterday somewhere...
    ah,http://launchr.blogspot.com/2007/07/iphones-pas sword-is-dottie-and-alpine.html

    --
    -- it's ridiculous how many people misspell ridiculous... (damn, damn, damn...)
  8. Re:hmm... GPL? by Pius+II. · · Score: 4, Informative

    Why don't you post those lines in the context they belong, as an advisory comment in the (free as in free) bzip2 source? Oh yeah, because you prefer to badmouth people instead of checking your facts.
    For the record, here's the source.

  9. Re:Prediction... by Fred+Ferrigno · · Score: 2, Informative

    Right, $499 doesn't sound that bad for a PDA, but PDAs don't come with 2-year contracts. (About $1940 for 2 years with the cheapest iPhone plan.) Many have commented on various PDA-ish features that the iPhone is lacking, most notably support for 3rd-party apps as you mention.

    My personal conspiracy theory is that AT&T is scared that someone would release a VoIP over WiFi application, cutting down on billable minutes. Others have pointed out that the iPhone doesn't have user privilege levels, so there may be a security concern. Finally, there's just the fact that Jobs is a control freak. Any application that doesn't conform to his guidelines would ruin "the experience". One wonders how the multitude of external accessories that are bound to follow will affect the experience.