As you probably know, there are some issues with OpenSSH on 1.1.3:
-you can't easily change the default password,
-the icon does not appear on the SpringBoard,
-sometimes you can't uninstall OpenSSH via Installer.

The iPhone automatically connects to known networks, and since most OpenSSH installations still have the default password, this leaves a possible attack scenario.


[Accessing iPhones with the OpenSSH default password]

1) Using airodump we can see the known networks that the iPhone automatically connects to.

2) Using the Evil Twin / fake access point technique we can make the iPhone connect to us.

3) With any sniffer, or from the router's interface, we can find its IP.

4) We connect with any SSH client and use the default account root:alpine.

5) We are root, so we can do anything, like install a trojan that forwards SMS, maybe?

Some interesting files:
Photos: /private/var/mobile/Media/DCIM/100APPLE
See some emails: cat /private/var/mobile/Library/Mail/Envelope\ Index
Plaintext notes: cat /private/var/mobile/Library/Notes/notes.db
Apollo's plaintext IM passwords: cat

hosts file: /private/var/mobile/Library/Preferences/hosts
SMS: /private/var/mobile/Library/SMS
Contacts: /private/var/mobile/Library/AddressBook

Limitations of the attack:
-You must have the default password,
-You must have preferred/known networks and they must use open authentication,
-When the phone is auto-locked, WiFi is off, so there is little time for the script to work ...

[Changing the default password]

You can use one of the following methods; the first one worked for me:

[crypt(3) and vi /etc/master.passwd]
Go to
Type your password, then click "Encrypt password" and use the salt "/s".

Edit /etc/master.passwd with vi to change the password.

Run and then you can change the password.
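The master.passwd edit described above, as an added example that is not code from the original post. It shows the BSD master.passwd line format, replaces only the hash field of one account (what the vi edit does by hand), and lists every account that shares a given hash, so you can tell whether another account still has the old password after you change root's. The file content is a constructed sample, not a copy of any device's /etc/master.passwd, and its hash values are sample data; the crypt(3) helper uses Python's stdlib crypt module only where it exists (it was removed in Python 3.13) and otherwise returns None, so compute the hash with crypt(3) elsewhere and pass it in.

```python
"""Inspect and update a BSD-style master.passwd file (added example)."""
import re
from typing import Dict, List, Optional

# Constructed sample in BSD master.passwd format:
# name:hash:uid:gid:class:change:expire:gecos:home:shell
# The hash values are sample data for this example.
SAMPLE_MASTER_PASSWD = """\
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
"""

NUM_FIELDS = 10
# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars from this alphabet.
CRYPT_ALPHABET = r"[./0-9A-Za-z]"
DES_CRYPT_RE = re.compile(r"^" + CRYPT_ALPHABET + r"{13}$")
SALT_RE = re.compile(r"^" + CRYPT_ALPHABET + r"{2}$")


def parse_master_passwd(text: str) -> Dict[str, List[str]]:
    """Map account name -> list of its 10 fields; blank and '#' lines are skipped."""
    accounts: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != NUM_FIELDS:
            raise ValueError(f"malformed master.passwd line: {line!r}")
        accounts[fields[0]] = fields
    return accounts


def users_with_hash(text: str, password_hash: str) -> List[str]:
    """Accounts whose password field equals password_hash, in file order.

    Accounts sharing one hash share one password: changing root alone
    leaves the others on the old password."""
    return [name for name, f in parse_master_passwd(text).items() if f[1] == password_hash]


def crypt3_hash(password: str, salt: str = "/s") -> Optional[str]:
    """Traditional crypt(3) hash with a two-character salt, or None.

    None means the stdlib crypt module is missing (Python 3.13+) or the
    platform's crypt(3) does not support DES; compute the hash elsewhere."""
    if not SALT_RE.match(salt):
        raise ValueError("salt must be two characters from [./0-9A-Za-z]")
    try:
        import crypt
    except ImportError:
        return None
    result = crypt.crypt(password, salt)
    # libxcrypt signals an unsupported method with a short failure token.
    if not result or not DES_CRYPT_RE.match(result) or not result.startswith(salt):
        return None
    return result


def set_password_hash(text: str, user: str, new_hash: str) -> str:
    """Return text with user's password field replaced by new_hash.

    Only the second field of that user's line changes; every other line
    and field is preserved, like editing the file by hand in vi."""
    if not DES_CRYPT_RE.match(new_hash):
        raise ValueError("new_hash is not a 13-character crypt(3) DES hash")
    out: List[str] = []
    found = False
    for line in text.splitlines(keepends=True):
        fields = line.rstrip("\n").split(":")
        if len(fields) == NUM_FIELDS and fields[0] == user:
            fields[1] = new_hash
            line = ":".join(fields) + ("\n" if line.endswith("\n") else "")
            found = True
        out.append(line)
    if not found:
        raise KeyError(f"no account named {user!r}")
    return "".join(out)


if __name__ == "__main__":
    current = parse_master_passwd(SAMPLE_MASTER_PASSWD)["root"][1]
    shared = users_with_hash(SAMPLE_MASTER_PASSWD, current)
    print("accounts using root's current hash:", shared)
    # Fallback hash is a placeholder for when crypt(3) is unavailable here.
    new_hash = crypt3_hash("a long new passphrase", "/s") or "/sXXXXXXXXXXX"
    updated = SAMPLE_MASTER_PASSWD
    for name in shared:
        updated = set_password_hash(updated, name, new_hash)
    print(updated)
```

On a real device the file is read and written as root; keep a copy of the original line before replacing it, since a malformed root entry locks you out of the only privileged account.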