Slashdot Mirror
iPhone Root Password Hacked in Three Days
unPlugged-2.0 writes "An Australian developer blog writes that the iPhone root password has already been cracked. The story outlines the procedure but doesn't give the actual password. According to the story: 'The information came from an an official Apple iPhone restore image. The archive contains two .dmg disk images: a password encrypted system image and an unencrypted user image. By delving into the unencrypted image inquisitive hackers were able to discover that all iPhones ship with predefined passwords to the accounts 'mobile' and 'root', the last of which being the name of the privileged administration account on UNIX based systems.' Though interesting, it doesn't seem as though the password is good for anything. The article theorizes it may be left over from development work, or could have been included to create a 'false trail' for hackers."
This will get picked up by blogs, news sites - and, if we're lucky, given a good mangling by sloppy journalists in the mainstream press - as somehow meaning that any iPhone can be "broken into" by a malicious third party, and/or that all iPhones are now "insecure", and/or that iPhones - and all the personal data on them - are now, because of this, vulnerable to remote attack, when none of those things are true.
Also, from TFA and the summary:
"Having the passwords will not do anybody any good for the moment. The iPhone has no console or terminal access, so there is no way to log in as either account. In fact, nobody even seems certain that the accounts access the machine at all, some Internet commentators suggesting that the password file was left over from early development work, or was intentionally included to throw hackers off the scent."
These kind of idiotic replies to the blog post are telling:
Poetic Justice - 04/07/07
So much for Apple being the most secure OS in the world. Welcome to Microsoft's world, Jobs.
Wow, cracking a local password on a file that belongs to a device to which you have physical access?
Stop the presses!
Since iPhones don't have any kind of access that makes this "discovery" meaningful, I'm sure that people will just misunderstand the implications of this, and because of the iPhones popularity - and a lot of peoples' desire to tear it down or create any FUD they can to dissuade interested people from possibly buying an iPhone - I'm sure this and related stories will be big news.
Now we can make phone calls as root!
If Apple consider it important (ie: if there actually *is* a use for this, rather than just a false trail, or if they want to make people think that), all they need to do is update the values and/or system libraries in the next software update. They could even change the encryption *mechanism* to make it pretty-much un-brute-forceable if they wanted to. I doubt they need to do that though, just change it to a 31-character string with punctuation/digits etc.
Whereas this *is* news (hell, I'd submit it!), I think a lot of people criticising the iPhone at the moment still haven't made the leap from "this is a phone. It does X,Y,Z" to "this is a fully-fledged computer, masquerading as a phone" - with all that that implies.
Apple have said they intend to provide updates, changes, additions, etc. to the iPhone over time. They have a policy of supporting older computers with new OS releases, and I don't see why they wouldn't migrate this approach to their new market. It only *benefits* them if there are more used phones in circulation running OSX - even if it was a hand-me-down from the big-brother/sister who went and bought the new one...
If this truly is the "third leg" of Apple's business, someone will get yelled at internally, and the next update will fix it. End of story.
Simon.
Physicists get Hadrons!
The password for root is "alpine"
The "mobile" user accounts password is "dottie"
...or could have been included to create a 'false trail' for hackers."
Or it was created to generate topics on Slashdot when it's discovered...
Perhaps this would be somewhat alarming if there was a root
user enabled in OS X to begin with.
Non sequitur: Your facts are uncoordinated.
I know I'm just an AC - so this will get modded waaaaaay down, but:
This isn't the password for the running account - you'd have to boot the phone into single-user mode. The running passwords would be stored in Netinfo.
This is going to turn into a lot of FUD....
we read a story about a password to a user account on a phone and don't find that odd at all...
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
Infiltrated dot Net
Yeah? That'd be great, since I *love* Jim Nabors...
The article left out the detail that the reason these passwords won't do you any good is that you only get 3 tries to enter them before your locked out. Goop lick.
--- What?
Shouldn't be hidden from me anyway, its MY phone, i bought it, its MINE.. If i want to do something stupid and brick it in the process, its my choice. ( as long as i don't go and cry to Apple for a free replacement )
---- Booth was a patriot ----
Yes, probably this is the default phone password which the phone uses to "autologin" into itself on startup, and as such isn't useful for "hacking" into the phone remotely.
But you should consider: a) the phone doesn't support custom software b) thousands of geeks who bought the phone want to write apps for it.
Maybe knowing the root login is a tiny step in that direction, if you get what I mean. I have the feeling we'll be seeing AT&T disabling remotely phones that have been hacked with custom apps. Same as MS did with modded XBOX360.
Then I guess it is a multiuser system, then several people should be able to login, ah..., make phone call, on the same phone simultaneously. God, this is revolutionary! I have never seen a phone like this.
The article theorizes it may be left over from development work, or could have been included to create a 'false trail' for hackers.
Even better, I suspect this is the major reason Leopard was delayed. iPhone's software was completed all along: all those OSX developers were assigned to create numerous false trails for hackers, on the iPhone.
I would be impressed if korn is running on any stty, as there really should be no need for running a shell on a production unit. I am not going to believe this "trying to throw off" business, though... That USB interface is just way too handy to not do terminal interfacing during development/testing... The trick is understanding how they were interfacing to it, though. I strongly suspect that it is just a matter of time before someone invests the time to figure it out...
In my opinion, the biggest news here is not as how it was reported, but rather that people now can easily modify the default image and try booting it on the iPhone...
I'm wondering if perhaps Apple wants the phone cracked. AT&T doesn't control activation, Apple does. If the phone is cracked then people could buy an iPhone and if another carrier was willing, activate it with some other carrier than AT&T. There are lots of people out there who can't stand AT&T so it's not as if we're only talking about 2 or 3 hackers doing this.
Jobs could play the innocent claiming that hackers did it all the while happy that yet another iPhone went out the door.
Re: [Full-disclosure] iPhone Security Settings
From: Erik Tews (e_tewscdc.informatik.tu-darmstadt.de)
Date: Sun Jul 01 2007 - 17:20:37 CDT
* Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Am Montag, den 02.07.2007, 00:07 +0200 schrieb Fabio Pietrosanti (naif):
> There are a couple of user with their password:
>
> root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
> mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh
>
> Does someone have some time to arrange a quick john session (should be
> quick)?
Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS])
alpine (mobile)
dottie (root)
guesses: 2 time: 0:00:00:16 (3) c/s: 551883 trying: royour - b1o2w8
Yes, it was quick
Apple have said they intend to provide updates, changes, additions, etc. to the iPhone over time. They have a policy of supporting older computers with new OS releases, and I don't see why they wouldn't migrate this approach to their new market.
Except they don't do it for iPods. Each new "generation" of the iPod has run a different firmware *and* had different capabilities, like being able to search. The older iPods never got the functionality of the newer ones, ever. Clickwheel iPods can't "search", nor do they get the newer iPod games, etc. This is just like digital camera manufacturers, home network gear makers, etc. Very, very, very rarely do they take advantage of the firmware updates to increase functionality in any way. Why should they, when they can make you but version N+1?
Most of the time they update the iPod firmware only to give it compatibility with the latest iTunes, and these days, the only updates to iTunes are security fixes and bloat (the glorified pedometer, Apple TV, the iPhone, etc. Anyone else remember when you could sync contacts and appointments onto your iPod through iSync?) My second-gen nano (or Mini, or whatever the hell it's called these days) still crashes 50% of the time when I go to play a podcast after syncing it with my mac. I'm not holding my breath waiting for them to fix it.
Please help metamoderate.
If the iPhone OS handles root in the same manner as MacOS X, then the root user would have to be enabled somehow before anyone could use the account anyway. So, show me how to hack the password and enable the account, then write an article that is more than FUD.
No there isn't. Carriers in the EU have been typically too small to try and claim exclusivity in the first place. With Vodaphone and T-Mobile that's changed recently, but Nokia is still doing its best to maintain its brand and the carrier-independence of their products. They've been - fairly successfully - doing the same in the US as well. The iPhone precedent sure isn't helping their cause though.
So since the firmware restore image is out in the open, is it possible to emulate an ARM CPU in QEMU and boot the image? That would be interesting to find out.
When you have spent $350 on an iPod, $2500 on a MacBook Pro and $3500 on a Mac Pro--$500 to $600 on an iPhone is peanuts. Yummmm.....that Kool aid sure tastes good!!!
Badges!?! We don't need no stinking badges!
Anyone find her iphone yet? Id like to see another movie....
there was a story about this yesterday somewhere...s sword-is-dottie-and-alpine.html
ah,http://launchr.blogspot.com/2007/07/iphones-pa
-- it's ridiculous how many people misspell ridiculous... (damn, damn, damn...)
So we have a username and password, great. Now where's the login prompt?
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
Why don't you post those lines in the context they belong, as an advisory comment in the (free as in free) bzip2 source? Oh yeah, because you prefer to badmouth people instead of checking your facts.
For the record, here's the source.
Maybe because I was walking out of work to enjoy a nice day off tomorrow and managed to see this story before grabbing the file and doing a quick strings/grep for GPL? Way to ascribe malice there, though. Thanks a ton - hope that attitude works out for you.
Mea culpa, but no need to be a jerk.