ATTENTION: The correct title should be: "Touchfree installs a SSH server on your iPhone with public passwords - Leaving SSH (OpenSSH/DropBear) open on your iphone with default password is Dangerous"

Did you use the ULTIMATE GUIDE or the REALLY ULTMATE GUIDE ?

Dropbear allows anyone to connect via SSH to the phone if the IP address is accessable. ANYONE on the internet can wipe your phone clean, put some virus on it, convert your iPhone into an SMS Spamdevice, make plenty of calls, whatever.

So you must either change the root password or disable dropbear after using touchfree, or even better: DO BOTH. Disabling the dropbear process is in any case recommended as it may drain the battery.

To change the root password:
- install BSD Subsystem with Installer
- install Term-vt100
- start Term-vt100
- type: passwd
- change your password
- close Term-vt100
- uninstall BSD Subsystem with Installer

To disable dropbear:
- install with the installer the UIctl application (if UIctl doesnt show up in the installable applications then install community sources first)
- start UIctl
- click on the ....dropbear process, a menu pops up
(make absolutely sure that you didnt click anything else otherwise you may brick your phone)
- click unload -w and confirm, the dropbear process should now be red
- shutdown phone and restart
(try to log into your phone with winscp to check whether the phone is really not accessible by SSH)
- uninstall UIctl with the installer application

Finally: Sleep much better

Cheers

GeeJay

I used the alpha touch free version and I do not have drop bear running..

Originally Posted by Marwanie

I used the alpha touch free version and I do not have drop bear running..

I havent tried the alpha version but I read that it uses openssh instead of dropbear.

So the same what I wrote above regarding dropbear applies also to openssh. Change passwords and disable openssh when not needed anymore.

Or you can just install services.app and activate/deactivate SSH from there at will.

Originally Posted by geejay101

Moderators please make sticky until ULTMATE guide authors have ammended their guides.

ATTENTION: touchfree opens iPhone publicly by installing dropbear SSH server with public passwords.

Did you use the ULTIMATE GUIDE or the REALLY ULTMATE GUIDE ?

Dropbear allows anyone to connect via SSH to the phone if the IP address is accessable. ANYONE on the internet can wipe your phone clean, put some virus on it, convert your iPhone into an SMS Spamdevice, make plenty of calls, whatever.
So you must either change the root password or disable dropbear after using touchfree, or even better: DO BOTH. Disabling the dropbear process is in any case recommended as it may drain the battery.

To change the root password:
- install BSD Subsystem with Installer
- install Term-vt100
- start Term-vt100
- type: passwd
- change your password
- close Term-vt100
- uninstall BSD Subsystem with Installer

To disable dropbear:
- install with the installer the UIctl application (if UIctl doesnt show up in the installable applications then install community sources first)
- start UIctl
- click on the ....dropbear process, a menu pops up
(make absolutely sure that you didnt click anything else otherwise you may brick your phone)
- click unload -w and confirm, the dropbear process should now be red
- shutdown phone and restart
(try to log into your phone with winscp to check whether the phone is really not accessible by SSH)
- uninstall UIctl with the installer application

Finally: Sleep much better

Cheers

GeeJay

How do you propose some one would do that???
maybe i should install some antivirus software on my iphone for the 100's of viruses and keyloggers and spyware that are there for the iphone

fear psycosis- don't you love it

from the get go touchfree has ben plagued with bugs and erratic behavior.. STAY AWAY FROM IT!...

use carnaval with the tiff exploit in order to jailbrake and unlock your iphone

can you not just uninstall ssh from installer???

Originally Posted by shodanjr_gr

Or you can just install services.app and activate/deactivate SSH from there at will.

That's what I thought. This works right?

Originally Posted by tetsu

from the get go touchfree has ben plagued with bugs and erratic behavior.. STAY AWAY FROM IT!...

use carnaval with the tiff exploit in order to jailbrake and unlock your iphone

BEWARE: This people are scaring people for no reason. Most of what the say is false. They are just trying to promote another method (their method?) (and i can't see the reason behind that).

That is utter rubbish and false. Why are some people here bashing against TouchFree and promoting other solutions which are plaged with problems?
Do you get any money from that?
Others method use OpenSSH as well. You just have to uninstall it. Or install services.app to turn it off.
TouchFree alpha doesn't install dropbear. So please stop spreading lies.

That goes to the creator of this thread too.
Your iphone would be accesible if you have wifi on while you are on the street. But who is going to have their wifi on when they are not using wifi?
You just have to change the password or stop the service!!
Btw: Why do you have to uninstall BSD subsystem? That is not neccesary at all.

"ANYONE on internet" can access your phone.....sure my grandmother can do it...!!Come on man you are making me laugh!!If that happen it would be people on my same LAN!! Yes, right now my iPhone has dropbear on... and in my house!! Oh yes!!people out there on the internet know i have an iphone and they are tracking me down!!
This is kind of Al Gore style... of course I know you are not making as much money as him spreading the fear.

My Network harddrive has dropbear running all the time ..with all my files on it!!! Do you think I am scared?I sleep very well.
So it is not ANYBODY on internet can access my iphone. For this to happen:
1st. I must have dropbear or OpenSSH running.
2nd. I must have wifi on (why would you waste battery life while walking on the street?)
3rd. I must be connected to a Wireless LAN (hotspot, access point)
4th. Some guy around who has a laptop must be connected to the same Wireless LAN and must see me using my iphone.
5th. That guy has to be a cracker.
6th. That guy must find out my Iphone IP. If he is a cracker he surely can run a scanner on the LAN and detect an SSH port open.
7th. To spam with sms use my phone..blah,blah must be a cracker who knows how to crack iphones.

I think this really reduces the ANYBODY to just a few people in the world.

Also tetsu what is the point of going to others people method to tell them to use Carnaval? The Carnaval thread is plagued with errors...much more than the Really Ultimate Guide plagued with succes stories.
Please just point me one, just one, bug in TouchFree and mention any erratic behaviour.

Since I am accesing my iphone with WinSCP I surely know already that is accessible.
I will just add to it how to change the password or delete the dropbear to the guide. That is all.

I would suggest a more general warning:

YOUR IPHONE IS DANGEROUS!! YOU COULD BE ATTACKED BY THIEVES IF YOU USE IT IN DANGEROUS AREAS!!! YOU ARE A MAGNET TO THIEVES!!!
(I am sure there are more thieves out there than iphone crackers)



EDIT: Ok geejay101. Now I have seen you sent me a Private message warning me about it. thanks.
I will add that to the guide tomorrow.

I also believe this is just paranoia, btw I used touchfree alpha and am experiencing no errors. I'm with the guy who said not to worry about things and stop promoting other methods based on unfactual information.