Slashdot Mirror


iPhone Root Password Hacked in Three Days

unPlugged-2.0 writes "An Australian developer blog writes that the iPhone root password has already been cracked. The story outlines the procedure but doesn't give the actual password. According to the story: 'The information came from an official Apple iPhone restore image. The archive contains two .dmg disk images: a password encrypted system image and an unencrypted user image. By delving into the unencrypted image inquisitive hackers were able to discover that all iPhones ship with predefined passwords to the accounts 'mobile' and 'root', the last of which being the name of the privileged administration account on UNIX based systems.' Though interesting, it doesn't seem as though the password is good for anything. The article theorizes it may be left over from development work, or could have been included to create a 'false trail' for hackers."


  1. Prediction... by daveschroeder · · Score: 4, Insightful

    This will get picked up by blogs, news sites - and, if we're lucky, given a good mangling by sloppy journalists in the mainstream press - as somehow meaning that any iPhone can be "broken into" by a malicious third party, and/or that all iPhones are now "insecure", and/or that iPhones - and all the personal data on them - are now, because of this, vulnerable to remote attack, when none of those things are true.

    Also, from TFA and the summary:

    "Having the passwords will not do anybody any good for the moment. The iPhone has no console or terminal access, so there is no way to log in as either account. In fact, nobody even seems certain that the accounts access the machine at all, some Internet commentators suggesting that the password file was left over from early development work, or was intentionally included to throw hackers off the scent."

    These kinds of idiotic replies to the blog post are telling:

    Poetic Justice - 04/07/07
    So much for Apple being the most secure OS in the world. Welcome to Microsoft's world, Jobs.


    Wow, cracking a local password on a file that belongs to a device to which you have physical access?

    Stop the presses!

    Since iPhones don't have any kind of access that makes this "discovery" meaningful, I'm sure that people will just misunderstand the implications of this, and because of the iPhone's popularity - and a lot of people's desire to tear it down or create any FUD they can to dissuade interested people from possibly buying an iPhone - I'm sure this and related stories will be big news.

    1. Re:Prediction... by daveschroeder · · Score: 5, Insightful

      Assuming the iPhone is hacked to the point where it's easily modifiable, yes, it will have the opposite effect in the extremely small niche market.

      In the mainstream, this can easily get spun as the iPhone is extremely insecure, and has been "broken into", causing normal people to steer very clear.

    2. Re:Prediction... by Dahamma · · Score: 5, Funny

      Since iPhones don't have any kind of access that makes this "discovery" meaningful

      That pretty much sums up how useless this article was.

      By the way, if anyone wants it, you can have the combination to my luggage.

    3. Re:Prediction... by untaken_name · · Score: 5, Funny

      Assuming the iPhone is hacked to the point where it's easily modifiable, yes, it will have the opposite effect in the extremely small niche market.

      In the mainstream, this can easily get spun as the iPhone is extremely insecure, and has been "broken into", causing normal people to steer very clear.


      Doesn't the price tag already do that?

    4. Re:Prediction... by m0nkyman · · Score: 5, Funny

      If it isn't one of the following I'd be shocked:
      123 000 999 666

      Those four will open 99% of all luggage in the world that doesn't contain a laptop, cash or a gun.

      --
      ~ a low user id is no indication I have a clue what I'm talking about.
    5. Re:Prediction... by daveschroeder · · Score: 3, Insightful

      I do have little regard for remote exploits that haven't occurred.

      I have a very high regard, on the other hand, for remote exploits that have occurred or are shown to be possible.

      You're making a string of assumptions - that the password is even usable (which it may not be), that a remote exploit via the browser is possible, and that even if both happen, that this enables some higher level of access.

      Are all of those things possible? Perhaps. But all of those have to be provably true before it justifies knee jerks that the iPhone is somehow "insecure", which are already happening around the blogs.

      Also, I didn't say it was nothing. I said this story will probably get mangled to imply that - right now - it's somehow possible or very likely possible to "break into" iPhones remotely. And that's patently incorrect.

    6. Re:Prediction... by Anonymous Coward · · Score: 5, Insightful

      I know the Gizmodo-troll types think "unbiased" means one can not state the truth, but in reality, "unbiased" means not having any reason to say something that isn't true.

      Unbiased does not mean stating both sides equally, because both sides are not always equal. An unbiased opinion on Iraq does not spend half the time saying the war is going well if it's not.

      An unbiased opinion on the iPhone does not hesitate to point out its limitations, but doesn't have to spend "equal" time on being negative about it, if its flaws do not warrant it.

      The iPhone is quite obviously a good product, with some limitations that might not work out for some people. It is not a 50/50 or middle of the road product, and compared to competitive landscape, it is very impressive on a number of levels.

      Also, FYI: Calling anyone a "fanboy" immediately identifies you as an ignorant troll and ensures that nothing you have to say is worth hearing.

    7. Re:Prediction... by untaken_name · · Score: 5, Funny

      Well, I'd just say that someone who reads/posts to /. doesn't fit *my* vision of a "normal person". Maybe that's geekist of me.

    8. Re:Prediction... by Fred+Ferrigno · · Score: 4, Insightful

      The iPhone is also quite obviously very expensive. Price is a key factor in deciding whether or not a product is a worthwhile purchase. It may have superior features, but it's pretty close to a middle-of-the-road product in terms of value. It's not so unreasonable to say that it might be pretty good, but in order to be a good value for its price, it needs to be even better (or cheaper).

      Also, FYI: If you want to claim the moral high ground on name-calling, then you might want to reconsider labeling people who disagree with you trolls.

    9. Re:Prediction... by untaken_name · · Score: 3, Funny

      Oh, you mean it's like a law degree! Got it. My mistake.

    10. Re:Prediction... by Anonymous Coward · · Score: 5, Funny
      Those four will open 99% of all luggage in the world that doesn't contain a laptop, cash or a gun.

      I don't get it. What world doesn't contain a laptop, cash, or a gun, and yet has luggage?

    11. Re:Prediction... by Anonymous Coward · · Score: 5, Funny

      Also, FYI: Calling anyone a "fanboy" immediately identifies you as an ignorant troll and ensures that nothing you have to say is worth hearing.

      Exactly, because the proper term is "fanboi".
    12. Re:Prediction... by mr_matticus · · Score: 3, Insightful

      Parsing error!

      You don't have to call someone a "fanboy" to disagree with them. People who throw around the word "fanboy" left and right in an empty attempt to devalue sound comments are just Ballmeresque, foaming-at-the-mouth trolls.

      You can happily criticize Apple and their supporters and engage in disagreements with them without having to resort to "you're a fanboy so your whole thought process is invalid" attacks.

      Parent did not label people who disagreed with him "trolls." That title was reserved to a specific, hostile subset of those who disagree.

    13. Re:Prediction... by that+this+is+not+und · · Score: 3, Insightful

      No, it's like Palm Pilots were back in about 1997.

      The cool thing is, they're pretty good pieces of equipment, and now that they're not 'hip and cool' you can get them for pennies on the (original) dollar on Ebay. And you can do a lot of cool stuff with a 68K dragonball processor in that form factor. They're one hell of a deal at the current market value of $5-15 each.

      We can have similar hopes for the iPhone. Who knows what cool stuff we'll be doing with them five years from now. Hopefully when we crack them open, Apple won't have dongled them to the state of worthless.

  2. Whoo-hoo by gtrubetskoy · · Score: 5, Funny

    Now we can make phone calls as root!

    1. Re:Whoo-hoo by skuzzlebutt · · Score: 5, Funny

      yeah, instead of having to sudo to call my girlfriend...what a pain.

      --
      My debut novel AMITY now available: http://jeremydbrooks.c
    2. Re:Whoo-hoo by Silver+Sloth · · Score: 5, Funny

      Come on, this is /.

      You don't call your girlfriend, you download her videos from Pirate Bay.

      --
      init 11 - for when you need that edge.
    3. Re:Whoo-hoo by Control+Group · · Score: 5, Funny

      But then she'll make you a sandwich.

      [It's only been 18 seconds since I hit reply, and, in order to give everyone a chance to post, slashdot requires me to slow down, cowboy!]

      --

      Reality has a conservative bias: it conserves mass, energy, momentum...
    4. Re:Whoo-hoo by Belacgod · · Score: 5, Funny
      Two hackers are struggling for control of a zombied machine...what do you call that?

      Sudo wrestling.

      Thanks, I'll be here all night.

  3. Not that big a deal by Space+cowboy · · Score: 4, Insightful

    If Apple consider it important (ie: if there actually *is* a use for this, rather than just a false trail, or if they want to make people think that), all they need to do is update the values and/or system libraries in the next software update. They could even change the encryption *mechanism* to make it pretty-much un-brute-forceable if they wanted to. I doubt they need to do that though, just change it to a 31-character string with punctuation/digits etc.

    Whereas this *is* news (hell, I'd submit it!), I think a lot of people criticising the iPhone at the moment still haven't made the leap from "this is a phone. It does X,Y,Z" to "this is a fully-fledged computer, masquerading as a phone" - with all that that implies.

    Apple have said they intend to provide updates, changes, additions, etc. to the iPhone over time. They have a policy of supporting older computers with new OS releases, and I don't see why they wouldn't migrate this approach to their new market. It only *benefits* them if there are more used phones in circulation running OSX - even if it was a hand-me-down from the big-brother/sister who went and bought the new one...

    If this truly is the "third leg" of Apple's business, someone will get yelled at internally, and the next update will fix it. End of story.

    Simon.

    --
    Physicists get Hadrons!
    1. Re:Not that big a deal by Leto-II · · Score: 5, Funny

      I'd submit it!

      Is this like the geek equivalent of the frat-boy phrase, "I'd hit it!"?
      --
      Do not anger the worm.
    2. Re:Not that big a deal by spotter · · Score: 3, Interesting

      you don't go after breaking the password, you go after finding where apple stored it. If it's encrypted, the iphone has to be able to decrypt it, therefore has to have the password available.

      see how the original xbox hacker (whose name I forget) captured its encryption key by "simply" (yeah, not that simple) monitoring the bus.

    3. Re:Not that big a deal by 0xdeadbeef · · Score: 4, Interesting

      I think a lot of people criticising the iPhone at the moment still haven't made the leap from "this is a phone. It does X,Y,Z" to "this is a fully-fledged computer, masquerading as a phone" - with all that that implies.

      Then you understand nothing. The iPhone critics are thinking "this is a fully-fledged handheld computer, running the same operating system as my laptop, that has been intentionally crippled to protect the artificial market segmentation desired by AT&T and Apple."

  4. Passwords by Anonymous Coward · · Score: 3, Informative

    The password for root is "alpine"
    The "mobile" user account's password is "dottie"

    1. Re:Passwords by techpawn · · Score: 5, Funny

      More secure than Microsoft whose default passwords are usually blank.

      --
      Ask not what you can do for your country. Ask what your country did to you
    2. Re:Passwords by Anonymous Coward · · Score: 5, Funny

      Apple is fucked. Btw "root alpine" is an anagram for "rape lotion", how appropriate.

    3. Re:Passwords by antiNeo2000 · · Score: 5, Informative

      You've got it backwards. The root password is "dottie" and the mobile password is "alpine".

    4. Re:Passwords by catmistake · · Score: 5, Funny

      You've got it upside down.
      The password for alpine is root, the dottie user account password is mobile.

    5. Re:Passwords by Man+Eating+Duck · · Score: 5, Funny

      Btw "root alpine" is an anagram for "rape lotion"
      Huh? For a moment I wondered how that occurred to you, but on the other hand I don't really want to know...
      --
      Are you a grammar Nazi? I'm trying to improve my English; please correct my errors! :)
    6. Re:Passwords by uufnord · · Score: 5, Funny

      Everyone's got it upside down.

      The root password is au!dle

      The mobile password is a!++op

  5. Created for... by whisper_jeff · · Score: 5, Funny

    ...or could have been included to create a 'false trail' for hackers."

    Or it was created to generate topics on Slashdot when it's discovered...

  6. Root user... by God+of+Lemmings · · Score: 3, Insightful

    Perhaps this would be somewhat alarming if there was a root
    user enabled in OS X to begin with.

    --
    Non sequitur: Your facts are uncoordinated.
  7. Netinfo? by Anonymous Coward · · Score: 5, Informative

    I know I'm just an AC - so this will get modded waaaaaay down, but:

    This isn't the password for the running account - you'd have to boot the phone into single-user mode. The running passwords would be stored in Netinfo.

    This is going to turn into a lot of FUD....

  8. phew by packetmon · · Score: 5, Funny

    Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS])
    alpine (mobile)
    dottie (root)
    guesses: 2 time: 0:00:00:16 (3) c/s: 551883 trying: royour - b1o2w8
    For a second I was imagining the hoRRORble marketing money they would have had to spend if they would have cracked it and it would have read:

    windows (mobile)
    blows (root)

    or

    gates (mobile)
    sucks (root)
  9. Why this won't do any good by sjonke · · Score: 3, Funny

    The article left out the detail that the reason these passwords won't do you any good is that you only get 3 tries to enter them before you're locked out. Goop lick.

    --
    --- What?
    1. Re:Why this won't do any good by iabervon · · Score: 3, Insightful

      Actually, the reason these passwords won't do you any good is that you don't get any chances to enter them, because it doesn't have a login prompt on anything that's exposed in production phones.

  10. Passwords on my device by nurb432 · · Score: 3, Interesting

    Shouldn't be hidden from me anyway, it's MY phone, I bought it, it's MINE.. If I want to do something stupid and brick it in the process, it's my choice. (as long as I don't go and cry to Apple for a free replacement)

    --
    ---- Booth was a patriot ----
    1. Re:Passwords on my device by mr_spatula · · Score: 4, Insightful

      If it's really YOURS, then why do you have to activate it via AT&T before it can be used, eh?

    2. Re:Passwords on my device by srvivn21 · · Score: 3, Insightful

      Shouldn't be hidden from me anyway, it's MY phone, I bought it, it's MINE.. If I want to do something stupid and brick it in the process, it's my choice. (as long as I don't go and cry to Apple for a free replacement)

      It is your phone. If you want to brick it (or sell it, or use it as a hammer), feel free.

      The software that comes with the phone (of which these hidden passwords are a part) is not yours. You are licensed to use it, post activation.
  11. Re:root disabled? by tgatliff · · Score: 4, Interesting

    I would be impressed if korn is running on any stty, as there really should be no need for running a shell on a production unit. I am not going to believe this "trying to throw off" business, though... That USB interface is just way too handy to not do terminal interfacing during development/testing... The trick is understanding how they were interfacing to it, though. I strongly suspect that it is just a matter of time before someone invests the time to figure it out...

    In my opinion, the biggest news here is not as how it was reported, but rather that people now can easily modify the default image and try booting it on the iPhone...

  12. I'm wondering if it's intentional by jmichaelg · · Score: 4, Interesting

    I'm wondering if perhaps Apple wants the phone cracked. AT&T doesn't control activation, Apple does. If the phone is cracked then people could buy an iPhone and if another carrier was willing, activate it with some other carrier than AT&T. There are lots of people out there who can't stand AT&T so it's not as if we're only talking about 2 or 3 hackers doing this.

    Jobs could play the innocent claiming that hackers did it all the while happy that yet another iPhone went out the door.

  13. from full-disclosure by shivan · · Score: 3, Informative

    Re: [Full-disclosure] iPhone Security Settings

    From: Erik Tews (e_tewscdc.informatik.tu-darmstadt.de)
    Date: Sun Jul 01 2007 - 17:20:37 CDT


    On Monday, 02.07.2007, at 00:07 +0200, Fabio Pietrosanti (naif) wrote:
    > There are a couple of user with their password:
    >
    > root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
    > mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh
    >
    > Does someone have some time to arrange a quick john session (should be
    > quick)?

    Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS])
    alpine (mobile)
    dottie (root)
    guesses: 2 time: 0:00:00:16 (3) c/s: 551883 trying: royour - b1o2w8

    Yes, it was quick
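
An added example, not part of the thread or the quoted full-disclosure message: a short audit of a passwd-style file, such as one pulled from an unencrypted firmware image, that flags the traditional DES crypt format john reports above (2-character salt, 11-character hash, only the first 8 password characters used). The first two sample lines are the entries quoted above; the other two lines, and the names `classify`, `audit` and `Finding`, are constructed for this example.

```python
import re
from dataclasses import dataclass

# First two lines are the entries quoted in the message above; the last two
# are constructed here for contrast (locked account, modern hash prefix).
SAMPLE = """\
root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
builder:$6$constructedsalt$CONSTRUCTEDHASH:502:20::0:0:Build User:/var/builder:/bin/sh
"""

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) salts and hashes
# (scheme name, pattern, weak against offline guessing)
SCHEMES = [
    ("des-crypt", re.compile(rf"^{B64}{{13}}$"), True),   # 2-char salt + 11-char hash
    ("bsdi-des", re.compile(rf"^_{B64}{{19}}$"), True),   # extended DES
    ("md5-crypt", re.compile(r"^\$1\$"), True),
    ("bcrypt", re.compile(r"^\$2[aby]\$"), False),
    ("sha256-crypt", re.compile(r"^\$5\$"), False),
    ("sha512-crypt", re.compile(r"^\$6\$"), False),
]
NO_LOGIN = {"/usr/bin/false", "/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}


@dataclass
class Finding:
    user: str
    uid: int
    scheme: str
    salt: str
    shell: str
    flagged: bool


def classify(field: str):
    """Return (scheme, weak) for the password field of one entry."""
    if field == "":
        return "empty", True        # no password at all
    if field == "x":
        return "shadowed", False    # hash lives in a separate shadow file
    if field[0] in "*!":
        return "locked", False      # cannot match any password
    for name, pattern, weak in SCHEMES:
        if pattern.search(field):
            return name, weak
    return "unknown", False


def audit(text: str):
    """Parse 7-field passwd or 10-field BSD master.passwd lines."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) not in (7, 10):
            raise ValueError(f"unexpected field count: {line!r}")
        user, field, uid, shell = parts[0], parts[1], int(parts[2]), parts[-1]
        scheme, weak = classify(field)
        salt = field[:2] if scheme == "des-crypt" else ""
        # Flag only accounts that pair a weak hash with an interactive shell.
        flagged = weak and shell not in NO_LOGIN
        findings.append(Finding(user, uid, scheme, salt, shell, flagged))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        mark = "WEAK" if f.flagged else "ok"
        print(f"{mark:4} {f.user:8} uid={f.uid:<4} {f.scheme:13} salt={f.salt!r} {f.shell}")
```

Entries it flags are candidates for locking or rehashing with a modern scheme before an image ships.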

  14. they've never done it for iPods... by SuperBanana · · Score: 3, Interesting

    Apple have said they intend to provide updates, changes, additions, etc. to the iPhone over time. They have a policy of supporting older computers with new OS releases, and I don't see why they wouldn't migrate this approach to their new market.

    Except they don't do it for iPods. Each new "generation" of the iPod has run a different firmware *and* had different capabilities, like being able to search. The older iPods never got the functionality of the newer ones, ever. Clickwheel iPods can't "search", nor do they get the newer iPod games, etc. This is just like digital camera manufacturers, home network gear makers, etc. Very, very, very rarely do they take advantage of the firmware updates to increase functionality in any way. Why should they, when they can make you buy version N+1?

    Most of the time they update the iPod firmware only to give it compatibility with the latest iTunes, and these days, the only updates to iTunes are security fixes and bloat (the glorified pedometer, Apple TV, the iPhone, etc. Anyone else remember when you could sync contacts and appointments onto your iPod through iSync?) My second-gen nano (or Mini, or whatever the hell it's called these days) still crashes 50% of the time when I go to play a podcast after syncing it with my mac. I'm not holding my breath waiting for them to fix it.

    1. Re:they've never done it for iPods... by voidptr · · Score: 5, Insightful

      Except they don't do it for iPods. Each new "generation" of the iPod has run a different firmware *and* had different capabilities, like being able to search. The older iPods never got the functionality of the newer ones, ever. Clickwheel iPods can't "search", nor do they get the newer iPod games, etc. This is just like digital camera manufacturers, home network gear makers, etc. Very, very, very rarely do they take advantage of the firmware updates to increase functionality in any way. Why should they, when they can make you buy version N+1?

      Most iPods have radically different hardware than the previous generation too. In addition, there are some accounting rules that come into play with adding functions to something you already shipped and booked the revenue for. Once I've sold you a widget, if I spend any more engineering time to add something to it, I have to find revenue that pays for that somewhere. It's not a problem with OS X, because the $129 Leopard upgrade pays for the engineering in Leopard, not the revenue they already booked and reported when I bought the Mac in the first place.

      Apple stated on their last quarter conference call they're changing the way they book AppleTV and iPhone revenues to spread it out over 8 quarters, so they don't have that problem. Even though they get $600 today for an iPhone sold, they don't actually put the whole thing in the books right away as recognized revenue, they apply it over the next two years to ongoing engineering for existing units. Exactly what they'll do with that ability remains to be seen, but they've at least publicly stated their intent to improve the platform for early adopters.
      --
      This .sig for unofficial government use only. Official use subject to $500 fine.
  15. Like MacOS X? by iso-cop · · Score: 3, Insightful

    If the iPhone OS handles root in the same manner as MacOS X, then the root user would have to be enabled somehow before anyone could use the account anyway. So, show me how to hack the password and enable the account, then write an article that is more than FUD.

  16. Emulation/Virtualization by CompMD · · Score: 4, Interesting

    So since the firmware restore image is out in the open, is it possible to emulate an ARM CPU in QEMU and boot the image? That would be interesting to find out.

    1. Re:Emulation/Virtualization by GreyWolf3000 · · Score: 3, Insightful
      It's one thing to emulate a CPU, it's quite another to emulate a CPU and all of the peripherals that are attached to it. It's also another stretch to get all of them configured in such a way that what you're emulating is binary compatible with the host firmware. Especially if you have peripherals sitting on the same die as the ARM processor running off of asynchronous clock domains.

      I think there's a company that managed to develop a software emulator for TI omap chips...I never had a chance to try it and see if it works.

      --
      Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
  17. Ummmm..... by HeavyDevelopment · · Score: 4, Insightful

    When you have spent $350 on an iPod, $2500 on a MacBook Pro and $3500 on a Mac Pro--$500 to $600 on an iPhone is peanuts. Yummmm.....that Kool aid sure tastes good!!!

    --
    Badges!?! We don't need no stinking badges!
  18. Paris Hilton by jmickle · · Score: 5, Funny

    Anyone find her iPhone yet? I'd like to see another movie....

  19. Re:hmm... GPL? by Pius+II. · · Score: 4, Informative

    Why don't you post those lines in the context they belong, as an advisory comment in the (free as in free) bzip2 source? Oh yeah, because you prefer to badmouth people instead of checking your facts.
    For the record, here's the source.