iPhone. Ups...

13/07/2007 Written by Boris Mutina

phonebugiPhone from Apple is for many a mas­ter­piece. It has WiFi, screen that turns when you turn the phone. It has so many won­der­ful fea­tures, that also Steve Woz­niak would make it to his pri­mary num­ber, and really, on first day were approx. 200 000 pieces sold.

But soon after releas­ing iPhone to pub­lic, many researchers tried to make their own research, one dis­as­sem­bled it, another one smashed the new iPhone against the ground. And, there are lot of researchers that took a look on oper­at­ing system.

iPhone runs on MacOS, this is the fact that every­body knows. After 3 days there were first infor­ma­tions released, on the restore image pre­de­fined root pass­word of the device is set to: “Alpine”. Also pre­de­fined pass­word for user “mobile” is “dot­tie”. You can try to decrypt by your­self, pass­word file is avail­able here. Ups…

Why ups? As encryp­tion mech­a­nism used for pass­word pro­tec­tion was taken DES encryp­tion. Another ups is because of the root pass­word strength. On the first site when googling for pass­word strength meter, I got clear answer: weak pass­word, found in dic­tio­nary. Thank you, guys.

Why so many con­cerns about it? iPhone uses autho­rized bina­ries now, but, if there was a pos­si­bil­ity to enter file sys­tem of the image and decrypt pass­word, i believe, there will be a pos­si­bil­ity to trick the iPhone to not use them or use another bina­ries, that can be malicious.

Let’s change the topic, Jon Lech Johansen known as DVD Jon in his blog stated that he: “found a way to acti­vate a brand new unac­ti­vated iPhone with­out giv­ing any of your money or per­sonal infor­ma­tion to NSA AT&T. The iPhone does not have phone capa­bil­ity, but the iPod and WiFi work.” He also pub­lished an appli­ca­tion that enables the iPhone for iPod and WiFi use. What he meant with the “NSA”? Pri­vacy con­cerns, of course. I remem­ber the words of a friend of mine, who said, that the less the phone knows, the bet­ter for pri­vacy and per­sonal secu­rity. After googling a bit about iPhone secu­rity, I decided to not to strug­gle to get that one. Bet­ter not.

Share this content: