Wednesday, July 4, 2007

Root password from iPhone was cracked

Like all OS from Apple the iPhone operating system is based on '*nix' so some smart guys retrived the encrypted password from a iPhone restore image and get all the "real" strings from it (with 'strings' linux program) and after that identified the accounts (accounts are preserved in clear text files) and extracted them. After that it was a piece a cake to run John the Ripper on the ecnrypted password to get out the real password. It's not such a big deal. Anyway I'm just curious about the use of this password. Probably when you will have the iPhone connected to internet is very possible to can be attacked.

Having the passwords will not do anybody any good for the moment. The iPhone has no console or terminal access, so there is no way to log in as either account. In fact, nobody even seems certain that the accounts access the machine at all, some Internet commentators suggesting that the password file was left over from early development work, or was intentionally included to throw hackers off the scent.

Read more details here .