ATTENTION: The correct title should be: "Touchfree installs a SSH server on your iPhone with public passwords - Leaving SSH (OpenSSH/DropBear) open on your iphone with default password is Dangerous"
Did you use the ULTIMATE GUIDE or the REALLY ULTMATE GUIDE ?
Dropbear allows anyone to connect via SSH to the phone if the IP address is accessable. ANYONE on the internet can wipe your phone clean, put some virus on it, convert your iPhone into an SMS Spamdevice, make plenty of calls, whatever.
So you must either change the root password or disable dropbear after using touchfree, or even better: DO BOTH. Disabling the dropbear process is in any case recommended as it may drain the battery.
To change the root password:
- install BSD Subsystem with Installer
- install Term-vt100
- start Term-vt100
- type: passwd
- change your password
- close Term-vt100
- uninstall BSD Subsystem with Installer
To disable dropbear:
- install with the installer the UIctl application (if UIctl doesnt show up in the installable applications then install community sources first)
- start UIctl
- click on the ....dropbear process, a menu pops up
(make absolutely sure that you didnt click anything else otherwise you may brick your phone)
- click unload -w and confirm, the dropbear process should now be red
- shutdown phone and restart
(try to log into your phone with winscp to check whether the phone is really not accessible by SSH)
- uninstall UIctl with the installer application
Finally: Sleep much better