(Anti) Hack an iPhone / iPod

Thanks to our friends at iPhone Spanish, this good tutorial comes to us so that we can secure the data on our iPhone.

In this tutorial we are going to see how it is possible to get into someone else's iPhone / iPod via Wi-Fi, so that we learn how to prevent others from getting into ours. It is not about revealing a security hole, but about reporting a situation that is known, public and published, and providing solutions to avoid it.



One of the common actions after unlocking an iPhone is to install OpenSSH through Cydia or Installer, or any other application that activates the SSH service on our iPhone. OpenSSH is a popular and widely used tool, but it is also a back door that allows anyone to access our iPhone (or someone else's) if the correct security measures are not in place. On our iPhone, OpenSSH is usually used to access the file system of the iPhone operating system (see tutorial).

OpenSSH is a daemon that starts automatically and listens on port 22 (by default). That is, it starts when the iPhone starts up and answers any request made on that port. It's like having a door on 22nd Street in our city: when someone knocks, it asks who they are, and if they guess the password, they are let in. You only need to know the city, the street, the door and the password ...


In order to access someone else's iPhone, both the PC (yours) and the iPhone (theirs) have to be connected to the same Wi-Fi network, and this is possible because of the number of free and open Wi-Fi access points there are, starting with airports, fairs, offices, hospitals, etc. It should be noted that access to someone else's iPhone can also be done from another iPhone, once the necessary tools are installed. It is clearly more comfortable from a PC or laptop, but that is not an essential requirement.

As an introduction, it must be explained that the iPhone / iPod is a "computer" that has its own operating system, and therefore has its own user accounts. Specifically, on the iPhone there are two accounts, root and mobile. The latter is only present on iPhones. The bad news is that the passwords are public and the same on all iPhones / iPods: alpine (the latest) or dottie (the oldest).




Accessing someone else's iPhone requires more than knowing the root password:

  1. That the iPhone "to attack" has Wi-Fi activated (it is activated by default) and is connected to the same Wi-Fi network as you.
  2. Knowing the Wi-Fi IP of the iPhone "to attack".
  3. That the iPhone "to attack" has OpenSSH installed (usual in unlocked iPhones, to access its "guts").



To give a practical and real example, I am going to put my iPhone in a fictitious situation in which I do not know of its existence (it could perfectly well be a stranger's), and I am going to try to get in from my PC just as any other person could. The iPhone is on a table and I am in another room, with my PC.

The first requirement, having Wi-Fi activated, comes by default. It is quite likely, then, that the iPhone we want to access has it activated, and if we are in a public place, or in the same office, with a Wi-Fi signal that we can connect to, the first condition is both possible and probable. A typical scenario can be an airport, a fair, some offices, the neighbor ... every day there are more open Wi-Fi zones, or Wi-Fi networks that have not been protected with a password. In my case, we are in a building that provides free Wi-Fi service, and the iPhone to attack, as usual, has Wi-Fi activated.



The second requirement, knowing the IP of the iPhone to attack, is relatively simple. It turns out that the iPhone always has port 62078 open, which it uses to sync with iTunes. It is therefore quite probable that a device with both port 62078 and port 22 open is an Apple device that has an SSH daemon such as OpenSSH installed. So, with a port-scanning program (in the test we used nmap), I look for devices with those ports open within the address range to which I myself am connected. In the case of the test, my PC is connected to a Wi-Fi network which has given me the IP address 10.0.0.172. Let's see if I can find my iPhone on the same network (10.0.0.x).


Bingo! I've already found it. We now meet the second requirement, knowing its IP: 10.0.0.83.

The third requirement was checked in the previous step, since we looked for devices with port 22 (SSH) open. We are going to verify that what is behind port 22 is really an SSH service installed on an iPhone. We will open a terminal window (in the example we have used WinSCP) and try to connect to the IP 10.0.0.83 through port 22 to see who responds:

And bingo! It asks us for the username, which we know: root

And after confirming the password (alpine or dottie, depending on the model), we are into the guts.

At this point, we have full access rights to all the information on the iPhone, of course knowing where everything is stored, something that is also known and published.

Recapping: we were in a place with a Wi-Fi connection, which provided us with an IP. This is the only information we needed to get started. We did a port scan on the network we were connected to, looking for devices on the same Wi-Fi with ports 22 (SSH) and 62078 open, and we located (at least) one device (to my surprise, I discovered some more). We now had its IP. We connected via SSH to that device, and we got past the barrier of credentials, because they are public (root + alpine or dottie). And without further ado, we are accessing the iPhone / iPod of a "stranger".

And if someone gets into my iPhone / iPod, what can they do to me?
Well, they can access your email, your contacts, your photos, your SMS, everything, and they can also delete any information they want, leaving your iPhone empty if they wish; that is, they can do you a lot of harm. They could take the contacts file (/private/var/root/Library/AddressBook.sqlitedb), copy it to their PC and then browse the entire contact book at their leisure, to give an example. The same goes for email, calendar, text messages, photos ... and cookies. The latter, cookies, are a problem, because with them one can access, for example, the GMail account, the bank account, and in general any account that requires a password. Also, if you are browsing at that moment, entering keys and passwords, they could capture them using the appropriate program (for example Tcpdump). They could even plant a back door on the iPhone, with tools like untroubled, in case you disable SSH access. Paranoia? Maybe ... real, unfortunately yes.

Now the positive part.

Now positive part.

How to protect ourselves from outside access

If you haven't unlocked your iPhone or iPod, you don't have to worry about a thing. But if you have it unlocked (see tutorial), then, as I said at the beginning, certain conditions have to be met for anyone to access our iPhone / iPod, and we can put obstacles in the way of each of them:

That the iPhone has Wi-Fi enabled

Clearly, if we do not have Wi-Fi activated, nobody can get in. So the first way around the problem is to keep Wi-Fi off. Of course, at some point you will activate it to use it, but in the meantime we avoid having it on 24 hours a day. In addition, keeping Wi-Fi deactivated saves a lot of battery and avoids revealing the IP, which, apart from getting in, also allows denial of service attacks, among other things.

You can use the BossPrefs app, which lets us comfortably activate or deactivate Wi-Fi.



Know your Wi-Fi IP
This requirement is unavoidable. If our iPhone is connected via Wi-Fi, a port scanner will detect it. We have no firewall on the iPhone to prevent it.


That the iPhone has OpenSSH installed
Surely we will not spend all day tinkering with the guts of the iPhone. OpenSSH is a great tool, but it does not need to run 24 hours a day. The recommendation, as with Wi-Fi, is to keep this application uninstalled and install it when you need it. Surely nobody would go through this cumbersome step, but if you are looking for maximum security, there is no doubt: if you do not have OpenSSH, nobody can get in.

Another, more comfortable option is to install the BossPrefs application, which lets us comfortably activate or deactivate SSH (among many other things) without having to uninstall and reinstall OpenSSH, or Toggle SSH (through Cydia).


Know the username and password for access
As we have said, the username and password are public. It should be noted that apart from the user name "root" there is a second one, with more limited access, called "mobile", whose password is the same as the one used by "root". What we can (must) do is change the password of both accounts. How? By entering terminal mode (for example with PuTTY) and running the command passwd. It will ask us for the password twice (remember that you will not see it written on the screen). We will repeat the process with the "mobile" account.

And is it not enough to change the passwords? No. Discovering passwords is sometimes quite easy, either by social engineering or by brute force ...

Remember: if you don't have Wi-Fi enabled or you don't have OpenSSH installed, you don't have to worry. If you have both activated, the only thing that will save you is having changed the passwords. There are more options, but the level of paranoia would already border on worrying.
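
One of those further options is to stop sshd from accepting passwords at all and rely on key-based logins, which takes both the public default credentials and brute force out of the picture. The following is an added example, not part of the original tutorial: it audits a copy of the device's sshd_config for settings that still allow password logins. The defaults used for absent keywords and the three sample configs are assumptions constructed for illustration.

```python
"""Added example: audit a copy of sshd_config for password-login exposure."""

# Assumed defaults of an older OpenSSH server when a keyword is absent.
# Newer releases default PermitRootLogin to prohibit-password; adjust as needed.
ASSUMED_DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "permitrootlogin": "yes",
}

def effective_settings(config_text):
    """Return the global value sshd would use for each audited keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        # Keyword and argument are separated by whitespace or a single '='.
        parts = line.replace("=", " ", 1).split(None, 1) or [""]
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # conditional blocks follow; only global settings are audited
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        seen.setdefault(keyword, value)  # sshd keeps the FIRST value it reads
    return {k: seen.get(k, d) for k, d in ASSUMED_DEFAULTS.items()}

def audit(config_text):
    """Return a list of findings; an empty list means no password logins."""
    cfg = effective_settings(config_text)
    findings = []
    if cfg["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication on: a default or guessed password is enough")
    if cfg["challengeresponseauthentication"] != "no":
        findings.append("ChallengeResponseAuthentication on: password prompts may still be offered")
    if cfg["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: root can log in with a password")
    return findings

# Constructed sample: everything commented out, so the assumed defaults apply.
STOCK = "#Port 22\n#PermitRootLogin yes\n#PasswordAuthentication yes\n"

# Constructed sample: key-only logins; sshd ignores the trailing duplicate.
HARDENED = """PermitRootLogin without-password
PasswordAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication yes
"""

# Constructed sample: the later "no" never takes effect.
SHADOWED = """passwordauthentication yes
PermitRootLogin=no
ChallengeResponseAuthentication no
PasswordAuthentication no
"""

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("hardened", HARDENED), ("shadowed", SHADOWED)):
        print(name, audit(text) or "no password-login findings")
```

Install and test a public key for the account before switching PasswordAuthentication to no, otherwise you lock yourself out of SSH.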


Well, after this session of paranoia, you may wonder who is going to bother to mess with your iPhone / iPod. Normally, nobody, but if you have sensitive information, or you go to a computer fair, or your work colleague is a ... be careful ...




  1.   ez3t0r said

    wow !! This is a tutorial, they should learn to write like this guy ..!

    Offer him some money to see if he writes for actualidadiphone.com and thus it would improve a lot

  2.   nosy said

    Excellent tutorial, just a doubt in which the change of password could affect me more in these users, let me explain, no application will be affected in its normal performance when doing this? Excuse my ignorance, thank you… ..

  3.   dracktower said

    Very good yes sir, It reminded me of hack x crack booklets.

    I will follow you closely.

  4.   gondip said

    Well, I say the same thing that I said on another page that posted the same thing: I think that simply saying that it can be done, without saying how to do it, the result would be the same, we would all protect our iPhones from possible attacks by SSH. But now anyone can enter thanks to this tutorial ... I had no idea how to do it before now. If some bastard gets bored and wants to bother, then he has nothing to do but follow this tutorial and look to see what he finds.

    It's a great tutorial, but for the safety of our terminals, I'm sorry to say that I don't think it was necessary to explain in such detail how to do it.

  5.   resaka said

    The manual is very well explained, but now I want to answer Gondip. Without a manual, many would also know how to access other foreign iPhones, since the process is "almost similar" to how anyone accesses their jailbroken iPhone.
    It is not very difficult for people who do a little research either, since port scanners have been around for a long time, you just have to fiddle with what you want to do.

  6.   gondip said

    Of course, if you investigate, you will find a way, but that implies that the person who wants to access a foreign iPhone has previously thought about it, has studied it and has spent his time learning how to get involved in another iPhone.

    What I was trying to say is that a person who has not shown the slightest interest in this aspect, now, if he is bored, he can try to do it and if he wants he can annoy any user of iphone or ipod touch simply for fun.

    I do not care, I have taken care to protect him, but if someone suddenly happens it is not for not having said so.

  7.   Matt said

    Very good grade skinny!
    Congratulations and thank you!

  8.   twojot said

    Gondip anyone with some advanced computer skills knows the vulnerabilities of openSSH.

    If you know how to access your iPhone, obtain and modify the data, you will know how easy it is since permission is not requested from the terminal itself.

    So the tutorial is very good, since it does not only explain how to try to remedy the problem, but also explain the source of it and if for this you have to make it clear and other people without knowledge make use of it with bad intentions is each one how to use the information, not the author.

    So all my support to the author of the post !!!!!!!!!!!!!!!! 1

  9.   kike said

    ufff that neura, it makes me want to turn it off and not touch it again ... !!!!
    hopefully there aren't many hackers around!

  10.   gondip said

    Let's see, don't get me wrong, the post is great, a 10 for setio, but due to the security issue, it would have been better to cover our backs. It is clear that whoever wants to annoy ends up doing it, you do not have to be any genius to enter via SSH on a foreign iPhone, but beware, my comment was not aimed at criticizing the post or the author, but to clarify that due to this they could there will be more possible attackers than if it were not, just that.

    I hope that my comments have not bothered the author since it was not my intention, I appreciate this information like any other user and thanks to it I already have my iPhone more protected.

    All the best

  11.   Xabi said

    Hello people, I am the author of the tutorial and it can certainly be criticized that it is better not to teach according to what things, but the truth is that to handle the tools used in the tutorial, knowledge is required that is supposed to be not for all audiences . I am one of those who prefer to be informed of any security issue before thinking that security holes are not discussed out there. As it is said in another comment, SSH is a world and whoever wants can 🙂

  12.   sethian said

    Thank you very much for the tutorial and for commenting on the xabi page.

  13.   dirty said

    Congratulations on such a great and detailed article.
    Look at Gondip hackers really do a favor for security and it is precisely to make public the security holes so that users and companies are informed and protected. I think there will be formal training on hacking. I thought I read around there. Recently well-intentioned hackers broke into the systems of the LHC, the world's largest particle accelerator, did this to show that there was a security hole that was immediately plugged. If this had been done by people with bad intentions, I don't even want to think ...
    In summary, information for everyone ... maybe this will cause an application to appear for Cydia or the Installer so that newbies can easily change their passwords or be assigned a random one and problem solved, but really, I prefer to live with the problem out in the open and think about seeing how we can solve it than living in complete ignorance and being annoyed by some savvy with bad intentions ...
    Congratulations again for the fantastic article, very educational, well written, with excellent captures and thanks to him I have discovered the Nmap that I did not know.
    regards

  14.   gondip said

    I think the same, don't believe it, I'd rather know than ignore it! but hey, I suppose that you have not understood very well what I was proposing, since I observe that you all respond to the same thing ... even so, congratulations on this great article, which has helped me to change the access codes of my dear «aifon »😉

  15.   Xabi said

    Anyway, the only "new" thing that differentiates an access to an unlocked iPhone and the tutorial, is discovering the IP of nearby iPhones, the rest is the usual system to enter an iPhone by SSH

  16.   gnu_reverse_shell said

    Good tutorial Xabi is of great help for the unintelligent 😛 but I think that changing the ssh password already stops many curious people who will try to do this by testing the default keys, if they could get the key with brute force but it takes a bit of knowledge of brute force programs and counting that an attack to the ssh protocol with brute force is slow ... limits the curious with some knowledge ... I also say that a password of more than 10 alphanumeric digits does not get it just like that unless meet the victim and make a custom dictionary but as I said before I would not give them time, if it is a pain to put a long password with numbers, letters and symbols but how much is your privacy worth ??? 😉 I think it is more dangerous to be snorted than to connect by ssh. But I will not go into details

    a fierce greeting

  30.   Whitie said

    Hello, great contribution. Where do I find the root password? How do I see if I have OpenSSH installed? I don't see either one in Settings.
    Thanks a thousand