Slashdot: iPhone Root Password Hacked in Three Days

[krimedog]

http://apple.slashdot.org/article.pl?sid=07/07/03/1622212&from=rss

"An Australian developer blog writes that the iPhone root password has already been cracked. The story outlines the procedure but doesn't give the actual password. According to the story: 'The information came from an an official Apple iPhone restore image. The archive contains two .dmg disk images: a password encrypted system image and an unencrypted user image. By delving into the unencrypted image inquisitive hackers were able to discover that all iPhones ship with predefined passwords to the accounts 'mobile' and 'root', the last of which being the name of the privileged administration account on UNIX based systems.' Though interesting, it doesn't seem as though the password is good for anything. The article theorizes it may be left over from development work, or could have been included to create a 'false trail' for hackers."

Any thoughts?

 

[marksman]

My first thought was how would they actually use this?

 

[appleii2mac]

I wouldn't be entirely surprised if the root passwords were a false lead either.

In fact, I suspect one of the main reasons that the iPhone lacks many "standard" features (MMS messages, disk mode, etc) is to reduce the available "surface" for the hackers to attack. As these features are stringently tested, and audited, they will be released. The iPhone will likely be the largest "target" for hackers of any phone available, for a variety of reasons.

I suspect security updates for the iPhone may be quite common in the coming months (although I hope it's not necessary).

 

[/dev/toaster]

Uh ... gratz ... doesn't really change anything. If they find a use for it, then I might be shocked or amazed ... until then, *yawn*