Page 1 of 2 12 LastLast
Results 1 to 10 of 15
Discuss Touchfree is DANGEROUS [(REALLY) ULTIMATE GUIDE] leaves SSH open at the iPhone "2G" (Rev. 1) - Hackint0sh.org; ATTENTION: The correct title should be: "Touchfree installs a SSH server on your iPhone with ...
  1. #1
    Professional Array

    Join Date
    Sep 2007
    Posts
    65
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default Touchfree is DANGEROUS [(REALLY) ULTIMATE GUIDE] leaves SSH open

    ATTENTION: The correct title should be: "Touchfree installs a SSH server on your iPhone with public passwords - Leaving SSH (OpenSSH/DropBear) open on your iphone with default password is Dangerous"

    Did you use the ULTIMATE GUIDE or the REALLY ULTMATE GUIDE ?

    Dropbear allows anyone to connect via SSH to the phone if the IP address is accessable. ANYONE on the internet can wipe your phone clean, put some virus on it, convert your iPhone into an SMS Spamdevice, make plenty of calls, whatever.

    So you must either change the root password or disable dropbear after using touchfree, or even better: DO BOTH. Disabling the dropbear process is in any case recommended as it may drain the battery.

    To change the root password:
    - install BSD Subsystem with Installer
    - install Term-vt100
    - start Term-vt100
    - type: passwd
    - change your password
    - close Term-vt100
    - uninstall BSD Subsystem with Installer

    To disable dropbear:
    - install with the installer the UIctl application (if UIctl doesnt show up in the installable applications then install community sources first)
    - start UIctl
    - click on the ....dropbear process, a menu pops up
    (make absolutely sure that you didnt click anything else otherwise you may brick your phone)
    - click unload -w and confirm, the dropbear process should now be red
    - shutdown phone and restart
    (try to log into your phone with winscp to check whether the phone is really not accessible by SSH)
    - uninstall UIctl with the installer application

    Finally: Sleep much better

    Cheers

    GeeJay
    Last edited by geejay101; 10-29-2007 at 07:47 PM.



  2. #2
    Professional Array

    Join Date
    Aug 2007
    Posts
    80
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    11

    Default

    I used the alpha touch free version and I do not have drop bear running..

  3. #3
    Professional Array

    Join Date
    Sep 2007
    Posts
    65
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    Quote Originally Posted by Marwanie View Post
    I used the alpha touch free version and I do not have drop bear running..
    I havent tried the alpha version but I read that it uses openssh instead of dropbear.

    So the same what I wrote above regarding dropbear applies also to openssh. Change passwords and disable openssh when not needed anymore.

  4. #4
    Senior Professional Array

    Join Date
    Sep 2007
    Posts
    125
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    13

    Default

    Or you can just install services.app and activate/deactivate SSH from there at will.
    iPhone 4 GB running 1.1.1 (virginized from 1.0.2) on Vodafone Greece
    Activated/Jailbroken/Unlocked via Safari Exploit/TouchFree/Anysim
    Calls in/out YES/YES
    SMS in/out YES/YES
    EDGE Probably yes, havent tried yet
    Wifi/YouTube/Wireless iTunes YES/YES/YES

  5. #5
    Respected Professional Array

    Join Date
    Oct 2007
    Posts
    514
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    34

    Default

    Quote Originally Posted by geejay101 View Post
    Moderators please make sticky until ULTMATE guide authors have ammended their guides.

    ATTENTION: touchfree opens iPhone publicly by installing dropbear SSH server with public passwords.

    Did you use the ULTIMATE GUIDE or the REALLY ULTMATE GUIDE ?

    Dropbear allows anyone to connect via SSH to the phone if the IP address is accessable. ANYONE on the internet can wipe your phone clean, put some virus on it, convert your iPhone into an SMS Spamdevice, make plenty of calls, whatever.
    So you must either change the root password or disable dropbear after using touchfree, or even better: DO BOTH. Disabling the dropbear process is in any case recommended as it may drain the battery.

    To change the root password:
    - install BSD Subsystem with Installer
    - install Term-vt100
    - start Term-vt100
    - type: passwd
    - change your password
    - close Term-vt100
    - uninstall BSD Subsystem with Installer

    To disable dropbear:
    - install with the installer the UIctl application (if UIctl doesnt show up in the installable applications then install community sources first)
    - start UIctl
    - click on the ....dropbear process, a menu pops up
    (make absolutely sure that you didnt click anything else otherwise you may brick your phone)
    - click unload -w and confirm, the dropbear process should now be red
    - shutdown phone and restart
    (try to log into your phone with winscp to check whether the phone is really not accessible by SSH)
    - uninstall UIctl with the installer application

    Finally: Sleep much better

    Cheers

    GeeJay
    How do you propose some one would do that???
    maybe i should install some antivirus software on my iphone for the 100's of viruses and keyloggers and spyware that are there for the iphone

    fear psycosis- don't you love it
    Last edited by fallenczar; 10-28-2007 at 07:05 PM.


  6. #6
    Senior Professional Array tetsu's Avatar

    Join Date
    Sep 2007
    Posts
    387
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    27

    Default

    from the get go touchfree has ben plagued with bugs and erratic behavior.. STAY AWAY FROM IT!...

    use carnaval with the tiff exploit in order to jailbrake and unlock your iphone
    Best jailbreak solution Carnaval by brasuco! Keep on the great work iphone dev team!
    now at version 0.7 download it here or here
    my blog http://blog.sposito.org

  7. #7
    Amazingly Knowledgeable Array carlosvaldosta's Avatar

    Join Date
    Sep 2007
    Posts
    763
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    46

    Default

    can you not just uninstall ssh from installer???

  8. #8
    Advanced Array

    Join Date
    Oct 2007
    Posts
    31
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    Quote Originally Posted by shodanjr_gr View Post
    Or you can just install services.app and activate/deactivate SSH from there at will.
    That's what I thought. This works right?

  9. #9
    Senior Professional Array

    Join Date
    Oct 2007
    Posts
    455
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    30

    Default

    Quote Originally Posted by tetsu View Post
    from the get go touchfree has ben plagued with bugs and erratic behavior.. STAY AWAY FROM IT!...

    use carnaval with the tiff exploit in order to jailbrake and unlock your iphone
    BEWARE: This people are scaring people for no reason. Most of what the say is false. They are just trying to promote another method (their method?) (and i can't see the reason behind that).

    That is utter rubbish and false. Why are some people here bashing against TouchFree and promoting other solutions which are plaged with problems?
    Do you get any money from that?
    Others method use OpenSSH as well. You just have to uninstall it. Or install services.app to turn it off.
    TouchFree alpha doesn't install dropbear. So please stop spreading lies.

    That goes to the creator of this thread too.
    Your iphone would be accesible if you have wifi on while you are on the street. But who is going to have their wifi on when they are not using wifi?
    You just have to change the password or stop the service!!
    Btw: Why do you have to uninstall BSD subsystem? That is not neccesary at all.

    "ANYONE on internet" can access your phone.....sure my grandmother can do it...!!Come on man you are making me laugh!!If that happen it would be people on my same LAN!! Yes, right now my iPhone has dropbear on... and in my house!! Oh yes!!people out there on the internet know i have an iphone and they are tracking me down!!
    This is kind of Al Gore style... of course I know you are not making as much money as him spreading the fear.

    My Network harddrive has dropbear running all the time ..with all my files on it!!! Do you think I am scared?I sleep very well.
    So it is not ANYBODY on internet can access my iphone. For this to happen:
    1st. I must have dropbear or OpenSSH running.
    2nd. I must have wifi on (why would you waste battery life while walking on the street?)
    3rd. I must be connected to a Wireless LAN (hotspot, access point)
    4th. Some guy around who has a laptop must be connected to the same Wireless LAN and must see me using my iphone.
    5th. That guy has to be a cracker.
    6th. That guy must find out my Iphone IP. If he is a cracker he surely can run a scanner on the LAN and detect an SSH port open.
    7th. To spam with sms use my phone..blah,blah must be a cracker who knows how to crack iphones.

    I think this really reduces the ANYBODY to just a few people in the world.

    Also tetsu what is the point of going to others people method to tell them to use Carnaval? The Carnaval thread is plagued with errors...much more than the Really Ultimate Guide plagued with succes stories.
    Please just point me one, just one, bug in TouchFree and mention any erratic behaviour.

    Since I am accesing my iphone with WinSCP I surely know already that is accessible.
    I will just add to it how to change the password or delete the dropbear to the guide. That is all.

    I would suggest a more general warning:

    YOUR IPHONE IS DANGEROUS!! YOU COULD BE ATTACKED BY THIEVES IF YOU USE IT IN DANGEROUS AREAS!!! YOU ARE A MAGNET TO THIEVES!!!
    (I am sure there are more thieves out there than iphone crackers)




    EDIT: Ok geejay101. Now I have seen you sent me a Private message warning me about it. thanks.
    I will add that to the guide tomorrow.
    Last edited by juanpa74; 10-29-2007 at 04:27 PM.

  10. #10
    Professional Array

    Join Date
    Sep 2007
    Posts
    55
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    9

    Default woe unto you

    I also believe this is just paranoia, btw I used touchfree alpha and am experiencing no errors. I'm with the guy who said not to worry about things and stop promoting other methods based on unfactual information.


 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. MacNN: Yahoo leaves door open for other offers
    By hackint0sh in forum Latest Headlines
    Replies: 0
    Last Post: 05-06-2008, 06:00 AM
  2. Replies: 11
    Last Post: 12-11-2007, 10:33 PM
  3. after TOUCHFREE can't open SMBprefs, installer.app
    By newkid in forum iPhone "2G" (Rev. 1)
    Replies: 2
    Last Post: 10-28-2007, 07:35 PM
  4. Replies: 3
    Last Post: 10-24-2007, 04:57 PM
  5. [ULTIMATE GUIDE for THE REALLY ULTIMATE GUIDE!!]
    By dragonaut in forum iPhone "2G" (Rev. 1)
    Replies: 2
    Last Post: 10-23-2007, 11:17 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Powered by vBulletin®
Copyright © 2014 vBulletin Solutions, Inc. All rights reserved.
Search Engine Friendly URLs by vBSEO
(c) 2006-2012 Hackint0sh.org
All times are GMT +2. The time now is 03:04 PM.
twitter, follow us!