Primary links

New iPhone "Vulnerability" Not News

The media's at it again.  It became "news" last week when the first iPhone worm appeared on the scene, accessing jailbroken iPhones via ssh with a default root password.

Default root password attacks came out when? 1975 or so? How is this news?

Jailbreaking an iPhone is not for the weak of heart nor mind.  True, the developers should have went to a little extra work to generate a random password on each device, and display that password in a settings dialog. In reality, the jailbreaking process uses software that comes with no warranty, and voids the warranty of the phone. That there should be enough to proceed with extreme caution.

To me it's similar to downloading pirated software from the Internet and being shocked that you get a virus.  I understand that these are very different ends of the spectrum, but the idea remains - if you're going to play in murky waters, you better keep your eye out for security issues.

I guess the ones I really feel sorry for a those who paid to jailbreak their phone, and then got compromised...

full disclosure - I've jailbroken my iPhone, and my root password was changed long before this "issue" came out...