I have read some posts about whether I should change the root password or not. I do not have OpenSSH installed but I have been using ifunbox to transfer files. Should I still change the root password?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iPhone Question about security
- Thread starter gman901
- Start date
- Sort by reaction score
Question about security
You should always change both the root and mobile user passwords. You can download MTerminal from Cydia and do it right on the device.
You should always change both the root and mobile user passwords. You can download MTerminal from Cydia and do it right on the device.
Okay, I'll do that now! Thanks for the advice.
----------
I installed Mobile terminal but it keeps crashing. I'm on 8.2 on the iPhone 6 plus.
----------
I installed Mobile terminal but it keeps crashing. I'm on 8.2 on the iPhone 6 plus.
If you don't have openSSH installed then you're fine. Without that installed then you can't access the device remotely through wifi and if they gain physical access to the device it won't matter either. Unless you install openSSH there's no reason to bother changing them.
That's really good to know as well. I found a terminal program that works with the 6 Plus and went ahead and changed both passwords even though I don't have openssh installed. I figured it won't hurt either.
That's what I thought. There's no way in if you never install openSSH to begin with right?
Even without having SSH installed, it is still a very good preventive measure to change both of the passwords. In the even one downloads something that ends up being malicious, it won't be able to cause too much damage as it won't be able to elevate itself by using the standard password that has been the same since iOS 1.1.
Nope. There's no reason to change the passwords if you have not installed openSSH. The attack vector doesn't exist without that being installed. I've been jailbreaking since it first started in 2011 and without installing openSSH there's no reason whatsoever to change the alpine password because you can't access that vector without it being installed. I remember way back when that a guy was able to hit that vector through the carrier and was changing people wallpapers or something and everyone in the jailbreak scene and the people that were against were running around like a chicken with their heads cut off over it. Without openSSH being installed it was impossible to do that, and through USA carriers you couldn't do it either because you can't access that part of the phone through the IP address or whatever it is that your carrier gives you for your data. People latched onto it without having any clue what they were talking about and it did real damage to the jailbreak scene because ignorance trumped education. It was low hanging fruit and people bit on and didn't let go.
----------
That's not true. Malicious software doesn't need that level of access to wreak havoc. OpenSSH is only there to access your device remotely through wifi. I don't know who told you that or where you got it from but it's completely false. There's no reason to change either if you don't install OpenSSH because apps don't need to.
Jailbreaking has been around since 2007, not 2011, and way back then OpenSSH wasn't used, it was Dropbear SSH. Changing both the root and the mobile passwords, even without SSH installed, is still a very good idea. It prevent locally executed malicious scripts and applications from elevating to root permissions without user consent. There are some many ways that a malicious executable can cause havoc on a default password iOS device. All it takes is a crafty malicious developer to put something on Cydia that has an SSH binary in it and have it reverse SSH into a server of their choosing. Thus, creating a simple, yet effective, botnet. You're turning a blind eye to the possibilities and potentials of malicious iOS applications and packages.