iPhone root password cracked in three days
By Nick Gibson | 2007/07/03 16:56:16
It's been out just three days, but already the Apple iPhone has been taken apart both literallyfiguratively. The latest: inquisitive Apple fans have hacked into the firmware and discovered the master root password to the smart phone.
The information came from an an official Apple iPhone restore image (rename as a zip file and extract). The archive contains two .dmg disk images: a password encrypted system image and an unencrypted user image. By delving into the unencrypted image inquisitive hackers were able to discover that all iPhones ship with predefined passwords to the accounts 'mobile' and 'root', the last of which being the name of the privileged administration account on UNIX based systems.
Hackers used the simple UNIX program 'strings' to extract a list of human readable character strings from the disk image, which contained a list of user accounts and their corresponding encrypted passwords (equivalent to the /etc/passwd file on UNIX and Linux systems). A call was then made out on the Full Disclosure mailing list for someone to run the popular password cracking tool John the Ripper on the encrypted passwords.
It took one replier just sixteen seconds to extract the passwords for both accounts -- both passwords were simple six letter words of lower case letters.
Having the passwords will not do anybody any good for the moment. The iPhone has no console or terminal access, so there is no way to log in as either account. In fact, nobody even seems certain that the accounts access the machine at all, some Internet commentators suggesting that the password file was left over from early development work, or was intentionally included to throw hackers off the scent.