Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

iPhone Root Password Hacked in Three Days

Posted by Zonk on Tue Jul 03, 2007 01:02 PM
from the not-that-it-will-do-anybody-any-good dept.
Businesses Security Handhelds Communications Apple Hardware
unPlugged-2.0 writes "An Australian developer blog writes that the iPhone root password has already been cracked. The story outlines the procedure but doesn't give the actual password. According to the story: 'The information came from an an official Apple iPhone restore image. The archive contains two .dmg disk images: a password encrypted system image and an unencrypted user image. By delving into the unencrypted image inquisitive hackers were able to discover that all iPhones ship with predefined passwords to the accounts 'mobile' and 'root', the last of which being the name of the privileged administration account on UNIX based systems.' Though interesting, it doesn't seem as though the password is good for anything. The article theorizes it may be left over from development work, or could have been included to create a 'false trail' for hackers."
+ -
story

Related Stories

[+] Technology: First Third-party Native iPhone Application Released 192 comments
An anonymous reader writes "A third-party native application for the iPhone is now available. Gizmodo discusses the real full-fledged iPhone application with a graphic user interface and its own icon in the iPhone home screen. It is not a Web 2.0 app but the real thing. What is it? Ironically enough, MobileTerminal, 'a terminal emulator application for the iPhone. MobileTerminal.app is NOT an SSH client, nor Telnet for that matter. It can however be used to execute a console ssh-client application.' The iPhone dev revolution has just started."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

iPhone Root Password Hacked in Three Days 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Whoo-hoo (Score:5, Funny)

    by gtrubetskoy (734033) * on Tuesday July 03 2007, @01:05PM (#19732575) Homepage
    Now we can make phone calls as root!

  • Not that big a deal (Score:5, Insightful)

    by Space cowboy (13680) * on Tuesday July 03 2007, @01:05PM (#19732581) Journal
    If Apple consider it important (ie: if there actually *is* a use for this, rather than just a false trail, or if they want to make people think that), all they need to do is update the values and/or system libraries in the next software update. They could even change the encryption *mechanism* to make it pretty-much un-brute-forceable if they wanted to. I doubt they need to do that though, just change it to a 31-character string with punctuation/digits etc.

    Whereas this *is* news (hell, I'd submit it!), I think a lot of people criticising the iPhone at the moment still haven't made the leap from "this is a phone. It does X,Y,Z" to "this is a fully-fledged computer, masquerading as a phone" - with all that that implies.

    Apple have said they intend to provide updates, changes, additions, etc. to the iPhone over time. They have a policy of supporting older computers with new OS releases, and I don't see why they wouldn't migrate this approach to their new market. It only *benefits* them if there are more used phones in circulation running OSX - even if it was a hand-me-down from the big-brother/sister who went and bought the new one...

    If this truly is the "third leg" of Apple's business, someone will get yelled at internally, and the next update will fix it. End of story.

    Simon.

    • I'd submit it!

      Is this like the geek equivalent of the frat-boy phrase, "I'd hit it!"?

    • Re:Not that big a deal (Score:5, Interesting)

      by 0xdeadbeef (28836) on Tuesday July 03 2007, @02:07PM (#19733403) Homepage Journal
      I think a lot of people criticising the iPhone at the moment still haven't made the leap from "this is a phone. It does X,Y,Z" to "this is a fully-fledged computer, masquerading as a phone" - with all that that implies.

      Then you understand nothing. The iPhone critics are thinking "this is a fully-fledged handheld computer, running the same operating system as my laptop, that has been intentionally crippled to protect the artificial market segmentation desired by AT&T and Apple."

      • Re:they've never done it for iPods... (Score:5, Insightful)

        by voidptr (609) on Tuesday July 03 2007, @02:41PM (#19733891) Homepage Journal

        Except they don't do it for iPods. Each new "generation" of the iPod has run a different firmware *and* had different capabilities, like being able to search. The older iPods never got the functionality of the newer ones, ever. Clickwheel iPods can't "search", nor do they get the newer iPod games, etc. This is just like digital camera manufacturers, home network gear makers, etc. Very, very, very rarely do they take advantage of the firmware updates to increase functionality in any way. Why should they, when they can make you but version N+1?

        Most iPods have radically different hardware than the previous generation too. In addition, there's some accounting rules that come into play with adding functions to something you already shipped and booked the revenue for. Once I've sold you a widget, if I spend any more engineering time to add something to it, I have to find revenue that pays for that somewhere. It's not a problem with OS X, because the $129 Leopard upgrade pays for the engineering in Leopard, not the revenue they already booked and reported when I bought the Mac in the first place.

        Apple stated on their last quarter conference call they're changing the way they book AppleTV and iPhone revenues to spread it out over 8 quarters, so they don't have that problem. Even though they get $600 today for an iPhone sold, they don't actually put the whole thing in the books right away as recognized revenue, they apply it over the next two years to ongoing engineering for existing units. Exactly what they'll do with that ability remains to be seen, but they've at least publicly stated their intent to improve the platform for early adopters.

  • Created for... (Score:5, Funny)

    by whisper_jeff (680366) on Tuesday July 03 2007, @01:11PM (#19732673)
    ...or could have been included to create a 'false trail' for hackers."

    Or it was created to generate topics on Slashdot when it's discovered...

  • Netinfo? (Score:5, Informative)

    by Anonymous Coward on Tuesday July 03 2007, @01:16PM (#19732727)
    I know I'm just an AC - so this will get modded waaaaaay down, but:

    This isn't the password for the running account - you'd have to boot the phone into single-user mode. The running passwords would be stored in Netinfo.

    This is going to turn into a lot of FUD....

  • phew (Score:5, Funny)

    by packetmon (977047) on Tuesday July 03 2007, @01:21PM (#19732783) Homepage

    Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS])
    alpine (mobile)
    dottie (root)
    guesses: 2 time: 0:00:00:16 (3) c/s: 551883 trying: royour - b1o2w8
    For a second I was imagining the hoRRORble marketing money they would have had to spend if they would have cracked it and it would have read:

    windows (mobile)
    blows (root)

    or

    gates (mobile)
    sucks (root)

  • I'm wondering if it's intentional (Score:5, Interesting)

    by jmichaelg (148257) on Tuesday July 03 2007, @02:11PM (#19733477)
    I'm wondering if perhaps Apple wants the phone cracked. AT&T doesn't control activation, Apple does. If the phone is cracked then people could buy an iPhone and if another carrier was willing, activate it with some other carrier than AT&T. There are lots of people out there who can't stand AT&T so it's not as if we're only talking about 2 or 3 hackers doing this.

    Jobs could play the innocent claiming that hackers did it all the while happy that yet another iPhone went out the door.

  • Emulation/Virtualization (Score:5, Interesting)

    by CompMD (522020) on Tuesday July 03 2007, @03:57PM (#19734927)
    So since the firmware restore image is out in the open, is it possible to emulate an ARM CPU in QEMU and boot the image? That would be interesting to find out.

    • Re:Prediction... (Score:5, Funny)

      by Dahamma (304068) on Tuesday July 03 2007, @01:27PM (#19732871)
      Since iPhones don't have any kind of access that makes this "discovery" meaningful

      That pretty much sums up how useless this article was.

      By the way, if anyone wants it, you can have the combination to my luggage.

      • Re:Prediction... (Score:5, Insightful)

        by daveschroeder (516195) * <(das) (at) (doit.wisc.edu)> on Tuesday July 03 2007, @01:10PM (#19732651) Homepage
        Assuming the iPhone is hacked to the point where it's easily modifiable, yes, it will have the opposite effect in the extremely small niche market.

        In the mainstream, this can easily get spun as the iPhone is extremely insecure, and has been "broken into", causing normal people to steer very clear.

        • Re:Prediction... (Score:5, Funny)

          by untaken_name (660789) on Tuesday July 03 2007, @01:29PM (#19732897) Homepage
          Assuming the iPhone is hacked to the point where it's easily modifiable, yes, it will have the opposite effect in the extremely small niche market.

          In the mainstream, this can easily get spun as the iPhone is extremely insecure, and has been "broken into", causing normal people to steer very clear.

          Doesn't the price tag already do that?

      • Re:Prediction... (Score:5, Insightful)

        by Anonymous Coward on Tuesday July 03 2007, @02:08PM (#19733427)
        I know the Gizmodo-troll types think "unbiased" means one can not state the truth, but in reality, "unbiased" means not having any reason to say something that isn't true.

        Unbiased does not mean stating both sides equally, because both sides are not always equal. An unbiased opinion on Iraq does not spend half the time saying the war is going well if it's not.

        An unbiased opinion on the iPhone does not hesitate to points out its limitations, but doesn't have to spend "equal" time on being negative about it, if its flaws do not warrant it.

        The iPhone is quite obviously a good product, with some limitations that might not work out for some people. It is not a 50/50 or middle of the road product, and compared to competitive landscape, it is very impressive on a number of levels.

        Also, FYI: Calling anyone a "fanboy" immediately identifies you an ignorant troll and ensures that nothing you have to say is worth hearing.

    • Re:root disabled? (Score:5, Interesting)

      by tgatliff (311583) on Tuesday July 03 2007, @02:10PM (#19733461)
      I would be impressed if korn is running on any stty, as there really should be no need for running a shell on a production unit. I am not going to believe this "trying to throw off" business, though... That USB interface is just way too handy to not do terminal interfacing during development/testing... The trick is understanding how they were interfacing to it, though. I strongly suspect that it is just a matter of time before someone invests the time to figure it out...

      In my opinion, the biggest news here is not as how it was reported, but rather that people now can easily modify the default image and try booting it on the iPhone...

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.