There are an increasing number of jailbroken applications that can be loaded onto the iPhone — so many, in fact, that someone has thrown together a nifty package manager for installing and managing all of them.
One of the more interesting things to do, of course, is run an SSH client so you can perform remote administration of other machines. Apparently, the installation of SSH from the package manager is a full-fledged OpenSSL install — including the server side of things.
And yes, it does start up the SSH service.
Combine this with the well-known passwords for both “root” and “mobile” accounts and what do you get?
orthrus:~/ adam$ ssh root@172.17.1.44
The authenticity of host '172.17.1.44 (172.17.1.44)' can't be established.
RSA key fingerprint is 7f:c4:18:1d:08:63:6c:04:0c:14:30:b2:09:f4:ee:17.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.1.44' (RSA) to the list of known hosts.
root@172.17.1.44's password:
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Mon Aug 27 17:34:23 2007 from 127.0.0.1
# ls
Library Media
# uname -a
Darwin Q40 9.0.0d1 Darwin Kernel Version 9.0.0d1: Fri Jun 22 00:38:56 PDT 2007;
root:xnu-933.0.1.178.obj~1/RELEASE_ARM_S5L8900XRB iPhone1,1 Darwin
# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/disk0s1 307200 193116 111012 64% /
devfs 18 18 0 100% /dev
/dev/disk0s2 7622368 6624600 997768 87% /private/var
#
Hmm… methinks the potential for havoc may be high here.
