iPhone Root Password Hacked in Three Days

← Back to Stories (view on slashdot.org)

iPhone Root Password Hacked in Three Days

Posted by ryuzaki0 on Tuesday July 3, 2007 @05:02AM from the not-that-it-will-do-anybody-any-good dept.

unPlugged-2.0 writes "An Australian developer blog writes that the iPhone root password has already been cracked. The story outlines the procedure but doesn't give the actual password. According to the story: 'The information came from an an official Apple iPhone restore image. The archive contains two .dmg disk images: a password encrypted system image and an unencrypted user image. By delving into the unencrypted image inquisitive hackers were able to discover that all iPhones ship with predefined passwords to the accounts 'mobile' and 'root', the last of which being the name of the privileged administration account on UNIX based systems.' Though interesting, it doesn't seem as though the password is good for anything. The article theorizes it may be left over from development work, or could have been included to create a 'false trail' for hackers."

25 of 311 comments (clear)

Whoo-hoo by gtrubetskoy · 2007-07-03 05:05 · Score: 5, Funny

Now we can make phone calls as root!
1. Re:Whoo-hoo by skuzzlebutt · 2007-07-03 05:16 · Score: 5, Funny
  
  yeah, instead of having to sudo to call my girlfriend...what a pain.
  
  --
  My debut novel AMITY now available: http://jeremydbrooks.c
2. Re:Whoo-hoo by Silver+Sloth · 2007-07-03 05:34 · Score: 5, Funny
  
  Come on, this is /.
  
  You don't call your girlfriend, you download her videos from Pirate Bay.
  
  --
  init 11 - for when you need that edge.
3. Re:Whoo-hoo by Control+Group · 2007-07-03 05:43 · Score: 5, Funny
  
  But then she'll make you a sandwich.
  
  [It's only been 18 seconds since I hit reply, and, in order to give everyone a chance to post, slashdot requires me to slow down, cowboy!]
  
  --
  
  Reality has a conservative bias: it conserves mass, energy, momentum...
4. Re:Whoo-hoo by Belacgod · 2007-07-03 06:31 · Score: 5, Funny
  
  Two hackers are struggling for control of a zombied machine...what do you call that?
  Sudo wrestling.
  Thanks, I'll be here all night.
Re:Prediction... by daveschroeder · 2007-07-03 05:10 · Score: 5, Insightful

Assuming the iPhone is hacked to the point where it's easily modifiable, yes, it will have the opposite effect in the extremely small niche market.

In the mainstream, this can easily get spun as the iPhone is extremely insecure, and has been "broken into", causing normal people to steer very clear.
Created for... by whisper_jeff · 2007-07-03 05:11 · Score: 5, Funny

...or could have been included to create a 'false trail' for hackers."

Or it was created to generate topics on Slashdot when it's discovered...
Netinfo? by Anonymous Coward · 2007-07-03 05:16 · Score: 5, Informative

I know I'm just an AC - so this will get modded waaaaaay down, but:

This isn't the password for the running account - you'd have to boot the phone into single-user mode. The running passwords would be stored in Netinfo.

This is going to turn into a lot of FUD....
phew by packetmon · 2007-07-03 05:21 · Score: 5, Funny

Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS]) alpine (mobile) dottie (root) guesses: 2 time: 0:00:00:16 (3) c/s: 551883 trying: royour - b1o2w8
For a second I was imagining the hoRRORble marketing money they would have had to spend if they would have cracked it and it would have read:
windows (mobile) blows (root) or gates (mobile) sucks (root)

--
Infiltrated dot Net
Re:Passwords by techpawn · 2007-07-03 05:23 · Score: 5, Funny

More secure than Microsoft whose default passwords are usually blank.

--
Ask not what you can do for your country. Ask what your country did to you
Re:Not that big a deal by Leto-II · 2007-07-03 05:26 · Score: 5, Funny

I'd submit it!

Is this like the geek equivalent of the frat-boy phrase, "I'd hit it!"?

--
Do not anger the worm.
Re:Prediction... by Dahamma · 2007-07-03 05:27 · Score: 5, Funny

Since iPhones don't have any kind of access that makes this "discovery" meaningful

That pretty much sums up how useless this article was.

By the way, if anyone wants it, you can have the combination to my luggage.
Re:Passwords by Anonymous Coward · 2007-07-03 05:27 · Score: 5, Funny

Apple is fucked. Btw "root alpine" is an anagram for "rape lotion", how appropriate.
Re:Prediction... by untaken_name · 2007-07-03 05:29 · Score: 5, Funny

Assuming the iPhone is hacked to the point where it's easily modifiable, yes, it will have the opposite effect in the extremely small niche market.

In the mainstream, this can easily get spun as the iPhone is extremely insecure, and has been "broken into", causing normal people to steer very clear.

Doesn't the price tag already do that?

--
http://xkcd.com/386/
Re:Prediction... by m0nkyman · 2007-07-03 05:40 · Score: 5, Funny

If it isn't one of the following I'd be shocked:
123 000 999 666

Those four will open 99% of all luggage in the world that doesn't contain a laptop, cash or a gun.

--
~ a low user id is no indication I have a clue what I'm talking about.
Re:Passwords by antiNeo2000 · 2007-07-03 05:50 · Score: 5, Informative

You've got it backwards. The root password is "dottie" and the mobile password is "alpine".
Re:Prediction... by Anonymous Coward · 2007-07-03 06:08 · Score: 5, Insightful

I know the Gizmodo-troll types think "unbiased" means one can not state the truth, but in reality, "unbiased" means not having any reason to say something that isn't true.

Unbiased does not mean stating both sides equally, because both sides are not always equal. An unbiased opinion on Iraq does not spend half the time saying the war is going well if it's not.

An unbiased opinion on the iPhone does not hesitate to points out its limitations, but doesn't have to spend "equal" time on being negative about it, if its flaws do not warrant it.

The iPhone is quite obviously a good product, with some limitations that might not work out for some people. It is not a 50/50 or middle of the road product, and compared to competitive landscape, it is very impressive on a number of levels.

Also, FYI: Calling anyone a "fanboy" immediately identifies you an ignorant troll and ensures that nothing you have to say is worth hearing.
Re:they've never done it for iPods... by voidptr · 2007-07-03 06:41 · Score: 5, Insightful

Except they don't do it for iPods. Each new "generation" of the iPod has run a different firmware *and* had different capabilities, like being able to search. The older iPods never got the functionality of the newer ones, ever. Clickwheel iPods can't "search", nor do they get the newer iPod games, etc. This is just like digital camera manufacturers, home network gear makers, etc. Very, very, very rarely do they take advantage of the firmware updates to increase functionality in any way. Why should they, when they can make you but version N+1?
Most iPods have radically different hardware than the previous generation too. In addition, there's some accounting rules that come into play with adding functions to something you already shipped and booked the revenue for. Once I've sold you a widget, if I spend any more engineering time to add something to it, I have to find revenue that pays for that somewhere. It's not a problem with OS X, because the $129 Leopard upgrade pays for the engineering in Leopard, not the revenue they already booked and reported when I bought the Mac in the first place.

Apple stated on their last quarter conference call they're changing the way they book AppleTV and iPhone revenues to spread it out over 8 quarters, so they don't have that problem. Even though they get $600 today for an iPhone sold, they don't actually put the whole thing in the books right away as recognized revenue, they apply it over the next two years to ongoing engineering for existing units. Exactly what they'll do with that ability remains to be seen, but they've at least publicly stated their intent to improve the platform for early adopters.

--
This .sig for unofficial government use only. Official use subject to $500 fine.
Re:Prediction... by untaken_name · 2007-07-03 07:39 · Score: 5, Funny

Well, I'd just say that someone who reads/posts to /. doesn't fit *my* vision of of a "normal person". Maybe that's geekist of me.

--
http://xkcd.com/386/
Re:Passwords by catmistake · 2007-07-03 08:12 · Score: 5, Funny

You've got it upside down.
The password for alpine is root, the dottie user account password is mobile.

--
The Admin and the Engineer
Re:Passwords by Man+Eating+Duck · 2007-07-03 08:58 · Score: 5, Funny

Btw "root alpine" is an anagram for "rape lotion"
Huh? For a moment I wondered how that occurred to you, but on the other hand I don't really want to know...

--
Are you a grammar Nazi? I'm trying to improve my English; please correct my errors! :)
Paris Hilton by jmickle · 2007-07-03 09:02 · Score: 5, Funny

Anyone find her iphone yet? Id like to see another movie....
Re:Passwords by uufnord · 2007-07-03 09:54 · Score: 5, Funny

Everyone's got it upside down.

The root password is au!dle

The mobile password is a!++op
Re:Prediction... by Anonymous Coward · 2007-07-03 10:13 · Score: 5, Funny

Those four will open 99% of all luggage in the world that doesn't contain a laptop, cash or a gun.
I don't get it. What world doesn't contain a laptop, cash, or a gun, and yet has luggage?
Re:Prediction... by Anonymous Coward · 2007-07-03 10:45 · Score: 5, Funny

Also, FYI: Calling anyone a "fanboy" immediately identifies you an ignorant troll and ensures that nothing you have to say is worth hearing.
Exactly, because the proper term is "fanboi".