iPhone. Ups...
13/07/2007 Written by Boris Mutina
iPhone from Apple is for many a masterpiece. It has WiFi, screen that turns when you turn the phone. It has so many wonderful features, that also Steve Wozniak would make it to his primary number, and really, on first day were approx. 200 000 pieces sold.
But soon after releasing iPhone to public, many researchers tried to make their own research, one disassembled it, another one smashed the new iPhone against the ground. And, there are lot of researchers that took a look on operating system.
iPhone runs on MacOS, this is the fact that everybody knows. After 3 days there were first informations released, on the restore image predefined root password of the device is set to: “Alpine”. Also predefined password for user “mobile” is “dottie”. You can try to decrypt by yourself, password file is available here. Ups…
Why ups? As encryption mechanism used for password protection was taken DES encryption. Another ups is because of the root password strength. On the first site when googling for password strength meter, I got clear answer: weak password, found in dictionary. Thank you, guys.
Why so many concerns about it? iPhone uses authorized binaries now, but, if there was a possibility to enter file system of the image and decrypt password, i believe, there will be a possibility to trick the iPhone to not use them or use another binaries, that can be malicious.
Let’s change the topic, Jon Lech Johansen known as DVD Jon in his blog stated that he: “found a way to activate a brand new unactivated iPhone without giving any of your money or personal information to NSA AT&T. The iPhone does not have phone capability, but the iPod and WiFi work.” He also published an application that enables the iPhone for iPod and WiFi use. What he meant with the “NSA”? Privacy concerns, of course. I remember the words of a friend of mine, who said, that the less the phone knows, the better for privacy and personal security. After googling a bit about iPhone security, I decided to not to struggle to get that one. Better not.
