As you probably know there are some issues with OpenSSH on 1.1.3:
-you can't easily change the default password,
-the icon does not appear on the SpringBoard,
-sometimes you can't uninstall OpenSSH via Installer.

The iPhone automatically connects to known networks, and since most OpenSSH installations still have the default password, this leaves a possible attack scenario.

-

[Accessing iPhones with the OpenSSH default password]

1) Using airodump we can see the known networks that the iPhone automatically connects to (it probes for them by name).

2) Using the Evil Twin / fake access point technique (an AP with one of those SSIDs) we can make the iPhone connect to us.

3) With any sniffer, or from the router's interface, we can find its IP.

4) We connect with any SSH client and use the default account root:alpine.

5) We are root, so we can do anything, like install a trojan that forwards SMS, maybe?

Some interesting files:
Photos: /private/var/mobile/Media/DCIM/100APPLE
See some emails: cat /private/var/mobile/Library/Mail/Envelope\ Index
Plaintext notes: cat /private/var/mobile/Library/Notes/notes.db
Apollo's plaintext IM passwords: cat /private/var/mobile/Library/Preferences/*MSN.plist
hosts file: /private/var/mobile/Library/Preferences/hosts
SMS: /private/var/mobile/Library/SMS
Contacts: /private/var/mobile/Library/AddressBook

Limitations of the attack:
-The phone must still have the default password,
-It must have preferred/known networks and they must be open auth (otherwise the fake AP would need the key),
-When the phone is autolocked WiFi is off, so there is little time for the script to work...

-
[Changing the default password]

You can use one of the following methods; the first one worked for me:

[crypt(3) and vi /etc/master.passwd]
Go to http://javascript.internet.com/passw...ncryption.html
Type your password, then click "Encrypt password", using the salt "/s".

Edit /etc/master.passwd with vi and replace the hash in root's password field (the second field) with the new one.
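The same edit done as a script instead of by hand in vi, plus a check for whether root still carries the stock hash. This is an added example, not code from the post or from any tool it links. It assumes the ten-field BSD master.passwd layout, the Python stdlib crypt module for the crypt(3) call, and that the stock hash of "alpine" with salt "/s" is "/smx7MYTQIi2M" (recalled from the 1.x firmware, not stated in the post; compare it with your own file). The sample file below is constructed.

```python
"""Added example (not part of the original post): rewrite root's password
field in /etc/master.passwd and detect the stock "alpine" hash.

Assumptions not stated in the post: the file uses the ten-field BSD layout
(name:password:uid:gid:class:change:expire:gecos:home:shell), and the stock
hash of "alpine" with salt "/s" is "/smx7MYTQIi2M" (recalled from the 1.x
firmware, not from the post; check it against your own file).
"""
import re
from typing import Optional

SALT = "/s"                          # the salt the post tells you to use
DEFAULT_ROOT_HASH = "/smx7MYTQIi2M"  # assumed: crypt(3)("alpine", "/s")

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
_DES_HASH = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample of a 1.x-style master.passwd with both stock accounts.
SAMPLE_MASTER_PASSWD = (
    "# constructed sample, not copied from a device\n"
    "root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh\n"
    "mobile:/smx7MYTQIi2M:501:501::0:0:Mobile User:/var/mobile:/bin/sh\n"
)


def make_hash(password: str, salt: str = SALT) -> str:
    """crypt(3) the way the web form in the post does it. Uses the stdlib
    crypt module (deprecated in 3.11, removed in 3.13; DES support also
    depends on the libc), so this may raise: then use the web form."""
    import crypt
    digest = crypt.crypt(password, salt)
    if not _DES_HASH.match(digest):
        raise RuntimeError("libc did not produce a traditional DES hash")
    return digest


def password_field(text: str, user: str) -> Optional[str]:
    """Return the password field of `user`, or None if there is no entry."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) == 10 and fields[0] == user:
            return fields[1]
    return None


def uses_default_password(text: str, user: str = "root") -> bool:
    """True if `user` still carries the stock 'alpine' hash."""
    return password_field(text, user) == DEFAULT_ROOT_HASH


def set_password_hash(text: str, user: str, new_hash: str) -> str:
    """Return `text` with `user`'s password field replaced by `new_hash`.
    Anything that is not a 13-char DES hash is rejected: a malformed field
    either locks root out or, if left empty, removes the password entirely."""
    if not _DES_HASH.match(new_hash):
        raise ValueError(f"not a traditional crypt(3) hash: {new_hash!r}")
    out = []
    hit = False
    for line in text.splitlines(keepends=True):
        body = line.rstrip("\n")
        fields = body.split(":")
        if not body.startswith("#") and len(fields) == 10 and fields[0] == user:
            fields[1] = new_hash
            line = ":".join(fields) + ("\n" if line.endswith("\n") else "")
            hit = True
        out.append(line)
    if not hit:
        raise KeyError(f"no entry for {user!r}")
    return "".join(out)


if __name__ == "__main__":
    print("root still alpine:", uses_default_password(SAMPLE_MASTER_PASSWD))
    new = set_password_hash(SAMPLE_MASTER_PASSWD, "root", make_hash("s3cret"))
    print(new, end="")
```

Run it against a copy of the phone's file (scp it off, rewrite, scp it back) rather than in place, and keep the original root line somewhere so you can restore it if the new hash was mistyped; the hash check only catches the wrong length or alphabet, not a hash of the wrong password.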


[SSH-pass.app]
Download http://winandmac.com/files/SSH-pass.zip, run SSH-pass.app, and then you can change the password.




hkm