Jailbreaking your iPhone may be legal, but it puts the device’s security in jeopardy. Changing default passwords can help.
Editor’s Note: Amy Gahran writes about mobile tech for CNN.com. She is a San Francisco Bay Area writer and media consultant whose blog, Contentious.com, explores how people communicate in the online age.
(CNN) — Since the U.S. Copyright Office declared last month that it’s legal to jailbreak your iPhone, lots of iPhone users have been doing just that — nearly 9 percent of them as of late July.
But jailbreaking your iPhone — tweaking it to run applications not approved by Apple — is serious business. That’s not just because jailbreaking can void your Apple warranty, but because it can put you at risk of data theft, malware or other significant problems.
In November, TUAW reported that a Dutch hacker proved this point by using port scanning (software that probes a network host for open ports) to find jailbroken phones. From there, he sent unsuspecting users a message that read, “Your iPhone’s been hacked because it’s really insecure! Right now, I can access all your files.”
He then directed his victims to PayPal and requested €5 (about $10) in exchange for instructions to remove his hack.
At least he let his victims know they’d been hacked. Your iPhone won’t notify you about that on its own.
If you jailbreak your iPhone, one crucial way to protect yourself is to change the phone’s default passwords. But be forewarned: It’s not a simple process.
In the latest episode of the Boulder Open Podcast, hosts Dave Taylor and Michael Sitarzewski discussed this concern. Recently both of them jailbroke their iPhone 4s.
“I’ve gotta say, this was not a compelling experience. It was complicated as heck to figure out how to jailbreak the phone and then change the default passwords,” said Taylor, a longtime tech expert.
“Once you jailbreak your phone, it’s accessible via laptops. Someone can log into your phone and monkey with it. The process for changing the passwords is really quite a production. Like a lot of the open-source technology I’ve used in the past 30 years, this is not something you want to get involved with unless you’re willing to spend the time to learn how to do this safely.”
A “root password” is a fundamental part of the geeky Unix back-end of the iPhone’s slick operating system. It’s something that non-jailbroken users never have to worry about because Apple’s walled-garden iPhone experience prevents this particular kind of incursion.
Sitarzewski explained, “Every Unix system on the planet has a root account, and the default password for that account is the same on every iPhone on the planet (‘alpine’).
“When you jailbreak your phone, sometimes one of the requirements for an app is secure shell (SSH). That’s the only way you’re opening yourself up to this particular vulnerability. So you don’t absolutely have to change your root password if you don’t install SSH protocols — but it’s a good idea anyway.”
Taylor added: “Not only is the default root password the same on every iPhone, but the default mobile user account password also is the same on every iPhone (‘dottie’). So you should change them both.”
If you venture beyond Apple’s iPhone garden walls, you can follow these instructions from the Just Another iPhone Blog to change your default passwords.
Alternatively, TiPb offers instructions on using the JailbreakMe mobile site to simplify the jailbreaking process.
They note that as of early August, some jailbroken iPhone users running iOS4 reported problems with the terminal (a command-line interface that lets you access system-level functions), and pointed to a TiPb discussion forum for instructions on fixing that problem.