This article was written by us for the IsraelDefense magazine and was published on September-October 2012 issue.

At the far end of the web lies a dark world of war, crime, and espionage. All you have to do is know where to look to find it…

Click here for the original article, as published in the printed magazine.

 

 

Jul 082012
 

This article was written by us for the IsraelDefense magazine and was published on July 2012.

Click here for the original article, as published in the printed magazine.

 

 

This article was written by us for the IsraelDefense magazine and was published on its special issue about cyber in June 2012.

The original article

 

The Hebrew version of this article was published by us in the digital version of Haaretz newspaper.

May 282012
 

This article was written by us for the IsraelDefense magazine and was published on May 2012.

 

How can cyberspace be protected in advance from sudden events with far-reaching implications? Gil David examines the phenomenon of the “Black Swan”.

In the 16th century, when people wanted to say that something was impossible, they used the term “black swan.” This expression describes an event that could not happen in reality.

According to historical evidence, it was believed at the time that swans had only white feathers – ergo, a black swan could not exist. Then, in the seventeenth century, the world was stunned to learn that black swans had been found in remote Australia. The categorical assumption that black swans were impossible was abandoned.

In 2007, the Lebanese-American philosopher Nassim Taleb presented his own black swan theory after several years of work. Taleb defines events as black swans that are generally random and unexpected. In other words, a black swan is a high-impact, low-frequency event whose influence on the future is extreme but whose likelihood of happening is low.

In our time, a classic case of a black swan is the September 11, 2000 terrorist attack on the World Trade Center and Pentagon in the US. This event contains all the criteria that define a black swan. It was a unique event. Whoever watched it – no matter where – was shocked. Its repercussions are still felt today, especially in airport security. The level of protection has risen dramatically and governments are continually upgrading security measures. This trend has had a powerful impact on the handling of passengers and the need for enormous resources.

Worms and Swans

One of the paramount cyber war events in recent years was the Stuxnet worm that infiltrated Iran’s nuclear facilities. Experts in cyber security agree that the Stuxnet worm attacked the centrifuges’ control systems and reshuffled their operating instructions, altering the centrifuges’ speed cycles, causing them to crack and then explode.

Stuxnet can be defined as a black swan for a number of reasons. First, it contained the element of surprise. Nuclear facilities are tightly guarded against physical, virtual, and cyber threats. Their communication networks are isolated from the Internet and buried several meters underground. In addition, the facilities’ production network operates according to SCADA protocol (Supervisory Control and Data Acquisition), and until the Stuxnet penetration, almost no cases of attacks aimed specifically against this protocol were registered. Despite enhanced security measures and isolation from external networks, the worm made its way so sophisticatedly into the reactor’s software and wreaked so much havoc in the facility’s innermost core that everyone was caught by surprise. In effect, what appeared as an impossible mission for the Stuxnet designers was carried out brilliantly and with craft, leaving the Iranians awestruck.

Second, from both a practical perspective and as a confidence destroyer, the effect of the worm on the Iranian nuclear program was immense. Some pundits claim that the attack pushed the nuclear project back by months, even years. Following the event, the Iranians decided to base their software on a code that they developed themselves, without recourse to any external codes that could harbor more worms. This required special preparations, such as training engineers and allocating costly resources. It also meant a setback for development plans. On the international level, Stuxnet had a powerful impact on cyber defense, forcing vast sums to be diverted to improving counter measures. In this way, it caused a reconfiguration of the security concept in states and governments and awakened the need for a significant change in preparing for future cyber threats.

Third, in recent years, there have been many indications of zero-day Trojan horses (exploiting computer application weak spots), backdoor attacks (circumventing normal authentication), and other malware designed for targeted attacks against organizations and facilities. Another technique that has been around for several years is malware incursion of networks via external infection (such as a disk-on-key) that bypasses the defense mechanisms that deny unauthorized access. Human agents have been used for carrying out an attack (for example, infecting a network with a worm) and social engineering has been employed for evading sophisticated security mechanisms. There were even some reports that attacks could be made against SCADA protocol-based systems.

The West is determined to impede the Iranian nuclear project at almost any price. The Stuxnet worm was indeed a black swan. It was the first major one to be seen in the cyber world, and is a harbinger of things to come in cyberspace. The trick is to avoid this kind of attack on our own systems. One solution is to identify weak points in our systems and transform a black swan into a white one. This is the only way we can protect our most sensitive systems and prepare for the cyber war that looms on the horizon.

 

The magazine version – please click on the article to get a bigger size.

 

The Hebrew version of this article was published in the digital version of Haaretz newspaper.

 

The Hebrew version of this article was published in the digital version of Haaretz newspaper.


 

The Hebrew version of this article was published in the digital version of Haaretz newspaper.

Who needs to be anonymous in the Internet?
The Internet is not anonymous. In most cases, virtual users and their activities in the Internet can be identified and associated to their real identity. Usually it is not a problem for the average user but sometimes Internet users want to be anonymous. For example, a journalist that wants to communicate anonymously with his resources, users that want to bypass the censorship that their country impose on the Internet, intelligence organizations that want to participate in forums without revealing their real identity and a blogger that wants to post his content anonymously.

Suppose that you want to leave a comment in a news website. In order to add your comment, you are required to write your name, e-mail address and the comment. Since you don’t want that anyone will know that you are the one that left the comment, you use a fake name and a fake e-mail address and then you leave the comment.
Although you used fake details, can this comment lead back to you? can someone associate and prove that you (the real you) wrote this comment? did this popular “trick” of using fake details helps you to stay anonymous?

The simple answer is, NO. It will be “easy” to find out that you are the one that left the comment. The more general answer is NO, whatever similar trick you use to fake your real identity, you are not anonymous in the Internet and if this news website will really want to find your real identity, it is possible. And in most cases, with the help of the law authorities, it can be really easy to do so.

Anonymity in the physical world
Let’s leave for a moment the virtual world of the Internet, and give an example from the real (physical) world.
Alice, who lives in Dallas, Texas wants to send a package to Bob, who lives in New York, New York. Alice is going to her local post office in Dallas and is asking to send the package. She is filling in the sender address (for example, Alice, PO Box 1111, Dallas, TX) and the recipient address (for example, Bob, PO Box 2222, New York, NY) and then she sends the package.

The local post office sends the package to the post office in New York, who delivers the package to Bob’s PO Box. When Bob gets the package, he knows the sender’s address. Well, actually he knows the name, PO Box, city and state but not the real home address of Alice.

Suppose that for some reason, Bob wants to locate the real details and address of Alice. Bob can call the post office in Dallas and ask for the real details of Alice. He gives them her PO Box (1111) and since they know the real details of every person that purchases a PO Box, they can give Bob the answer. However, they won’t since they keep the privacy of their customers. But what if package contained a ticking bomb and the local police ask them to give the real details? or the government? as you can imagine, of course they will expose Alice’s real details.

Anonymity in the virtual world
Let’s go back to the virtual world.
On 1/1/11 at 11:11 Alice wants to leave a comment on Bob’s website. When Alice connects to the Internet, her ISP, Internet Service Provide (local post office) assigns her an IP address (for example, 1.1.1.1). The IP address is like the PO Box from the physical world example. Bob also has his own IP address (for example, 2.2.2.2). Now, every activity she is doing in the Internet will be identified by her IP address. When Alice is leaving a comment on Bob’s website, she is actually sending the comment from her IP address to Bob’s (from her PO Box to Bob’s).

Like in the physical world, it is possible to locate the real address of Alice based on the IP address that she used. The IP that was assigned to her by her ISP (1.1.1.1) is registered on her ISP. Since this information is public on the Internet, anyone can find out the details of her ISP. For example, this website shows that my current IP address (79.181.205.194) is registered on Bezeq International ISP in Israel.

Now, Bob can contact Alice’s ISP and ask them for the real details of the person that used IP address 1.1.1.1 on 1/1/11 at 11:11. Every ISP is keeping logs of all the allocations that he made for his IP addresses, so Alice’s ISP can figure out easily that this IP address that was used at this date and time was assigned by him to Alice and since Alice is his customer he has her real details. As in the physical world, due to privacy issues the ISP won’t give these details to Bob but if the local police/governmental authorities will ask for the details the ISP is required to give them.

As we can see, both in the physical and in the virtual worlds, the anonymity of the sender is very limited. Now let’s see how we can improve the anonymity of our dear Alice.

How to be anonymous in the physical world
In order to dramatically improve her anonymity in the physical world, Alice will send her package to Bob using some people that will hopefully help her. Alice opens a global yellow pages directory and picks 3 random people, each one from a different continent. The first one, Frank from Paris, France (PO Box 3333). The second, Debbie from Melbourne, Australia (PO Box 4444). The third, Ali from Rabat, Morocco (PO Box 5555). Then, Alice will send her package to Frank, that will send it to Debbie, that will send it to Ali that will send it to the final destination, Bob. Each hop in this route knows only the address of the previous hop and the next hop and since the package is traveling around the world from one person to another, it will be harder to trace it back from the final destination (Bob) to the original sender (Alice). How is she going to do this:

Alice takes her package and writes Ali’s details (Ali, PO Box 5555, Rabat, Morocco) as the sender and Bob’s details (Bob, PO Box 2222, New York, New York) as the recipient. Then she takes the package and puts it inside a bigger package. She writes Debbie’s details (Debbie, PO Box 4444, Melbourne, Australia) as the sender of this bigger package and Ali’s details as the recipient of this package. Then she locks it with a combination lock, where only Ali knows how to open. Now Alice takes this (double) package and puts it inside a bigger package. She writes Frank’s details (Frank, PO Box 3333, Paris, France) as the sender of this package and Debbie’s details as the recipient. Then she locks it with a new combination lock, where only Debbie knows how to open. Last, Alice takes this (triple) package and put its inside a bigger package. This time she uses her details (Alice, PO Box 1111, Dallas, Texas) as the sender and Frank’s details as the recipient. Then she locks it with another combination lock, where only Frank knows how to open.

The following image illustrates how this multi-layers package looks like. Each layer has its own sender and recipient and its own lock:

Now Alice can send her multi-layer multi-lock package. The first recipient is Frank. Frank gets the package, unlocks it (only he has the right combination) and sees another package inside. He can’t open it (since it’s locked with Debbie’s combination) but he sees that destination of this package is Debbie. So he sends it to Debbie. Debbie gets it, unlocks it (only she can unlock) and sees another package inside. She can’t open it (locked with Ali’s combination) but she can see the next destination, Ali. So she sends it to Ali, who can unlock it (only he) and sees another package inside. This time he sees that the final destination is Bob and he sends him the last inner package. The reason Alice is using locks is to ensure that every middleman will be able to see only the next hop (middleman) on his route and not more than that. So Frank can see only the address of the next hop in his route (Debbie) but not the next next hop (Ali). This way, every middleman has only a partial knowledge of the whole route of middlemen.

Now suppose that Bob wants to trace back the original sender. He knows that the package came from Ali, so first he has to go to the post office of Ali in Morocco, show them the package and ask for the details of the one that sent this package to Ali. Even if they give it to him, Ali (and his post office) doesn’t know who was the original sender. He only knows that he got it from Debbie. So now Bob has to ask the post office in Australia to give him the details of the one that sent this package to Debbie. Again, even if he gets them, he still can’t locate the original sender of the package since Debbie only knows that she got it from Frank. So now Bob has to go to the post office in France and ask for the details of the one that sent this package to Frank. Only then he can trace back the original sender, Alice. Now Bob has to go to Alice’s post office in Texas and ask for her real details.

As you can see, in order to trace back to Alice, Bob (or the governmental authorities in his country), has to get help from the American authorities, the Moroccan authorities, the Australian authorities and the France authorities. This complex cooperation between several countries is time and resource consuming and involves diplomatic aspects as well and the chances for such cooperation are very very slim.

This multi-layer packaging and routing around the world dramatically increases the anonymity of Alice and in most of the cases (if the route and middlemen are chosen carefully) it will be almost impossible to trace the package from Bob back to Alice.
Back to the virtual world.

How to be anonymous in the virtual world
The idea that we described for the physical world is implemented in the virtual world by a system that is called TOR, The Onion Routing. TOR is a system that helps anyone to be anonymous in the Internet.
How does it work?
First, Alice has to install the TOR software on her computer. Then, when Alice wants to connect to the Internet, the TOR on her machine will pick up 3 random TOR relay machines (like Ali, Debbie and Frank from the physical world example). Relay machines are regular Internet users that for the sake of freedom volunteer to relay anonymous Internet activity between TOR users. Now, the TOR on Alice’s computer will take the comment that she wants to leave on Bob’s website, and it will wrap in layers as in the physical world example. In the virtual world, a package from the physical world is called a Packet. In the most inner layer, the packet has Ali’s IP (5.5.5.5) address as the sender and Bob’s IP address (2.2.2.2) as the recipient. In the next layer, the inner packet is wrapped inside another packet that has Debbie’s IP (4.4.4.4) as the sender and Ali’s IP as the recipient. In the next layer, the previous packet is wrapped inside another packet that has Frank’s IP (3.3.3.3) as the sender and Debbie’s IP as the recipient. And in the outer layer, the previous packet is wrapped inside an outer packet that has Alice’s IP (1.1.1.1) as the sender and Frank’s as the recipient. In addition, as in the physical world example, each layer is encrypted (locked) and only the recipient of this layer can decrypt it. Since every recipient peels his layer (and only his layer), and delivers it to the next recipient, thus providing a multi-layer packeting, this concept is called Onion Routing.

For example, during my current anonymous browsing using the TOR, my real IP address 79.181.205.194 (Bezeq International ISP in Israel) was changed to 178.63.97.34 that is registered on Hetzner Online ISP in Germany. Therefore, from the virtual world point of view, I am in Germany with a German IP address from a German ISP and not in Israel.

So when Bob sees the comment, he thinks that Ali left it (since it is identified by Ali’s IP address as the sender). Now, if he wants to trace it back to the original sender, he has to go the ISP of the last sender (Ali), show them the packet and its details (Ali’s IP 5.5.5.5, time and date the packet was sent) and ask them for the IP address of the one that sent Ali this packet (Debbie, 4.4.4.4). Once he gets it he has to do the same process with Debbie’s, Frank’s and Alice’s Internet service providers. So in order to trace back the details of Alice, Bob has to get the cooperation of the Internet Service Providers and the authorities of USA, Morocco, Australia and France. The chances for that to happen are very very slim and in many cases it is even impossible to trace back this route. Actually, tracing back this route in the virtual world can be significantly harder than in the physical world.

The following image shows how our anonymous messages traveled around the world between TOR relay machines.

Who is the owner of TOR?
The TOR project is maintained by a nonprofit organization, based in the USA. TOR is free and open source. It means that anyone can analyze the code and verify that there are no backdoors which compromise the anonymity and privacy of the user. TOR is using a network of more than 2,500 volunteers (relay servers) around the world, that relay the anonymous communication of TOR’s users. There are relay servers in Australia, Argentina, Belgium, Brazil, Canada, Germany, Denmark, France, Switzerland,  Algeria, Czech Republic, Egypt, Spain, Finland, UK, USA, Israel, India, Italy, Japan, Mexico, Latvia, Russia, Panama, Poland, Singapore, Slovenia, Turkey, Ukraine, South Africa, Vietnam, Venezuela and more and more.

Does TOR guarantee 100% anonymity?
No, nobody can guarantee 100% anonymity, however the process of tracing back a TOR route to the user’s computer is very complex and requires technological, governmental and diplomatic resources and cooperation between countries around the world. Therefore, TOR is probably your best way to stay anonymous in the Internet.

It is important to mention that in some cases, for example when there is an evidence of a terrorism activity, such cooperation between countries to locate the user that is using TOR is possible. There are also some documented attacks against the TOR network that try to compromise the anonymity of the users but still they are rare and complex.

How to browse anonymously using TOR?
The simplest way to use TOR is by using the TOR Browser Bundle that can be downloaded here, where you can also read the very simple instructions for using TOR. The TOR Browser Bundle is available for Windows, Mac, Linux and Android. It includes couple of software packages and a special version of Firefox browser. Once you download and extract the bundle, it will create a folder with several sub-folders. In the main folder you will find a file that is called “Start Tor Browser” (for Windows), or “start-tor-browser” (for Linux) or “TorBrowser_en-US.app” (for Mac). Before you run this file, close all the open browsers so you won’t get confused between the regular browser that you are using and the anonymous browser that TOR is using. Once you run this file, TOR will start running and when it will be ready for your anonymous browsing it will open its special version of Firefox. From now on (until you exit the browser), your browsing activity using this browser will be anonymous using the TOR network. Bear in mind that your browsing will be slower since every packet is encrypted and decrypted couple of times and it travels through several computers around the world. Well, this is the small price that you have to pay to be real anonymous in the Internet.

 

The Hebrew version of this article was published in the digital version of Haaretz newspaper.

You just got your new and shiny iPhone and you are ready to load it with the coolest apps. A minute before you use iTunes store to buy some apps, your friend is calling you.

You: “Hey dude, I’ve just got my iPhone and I’m on my way to iTunes to do some shopping”.
He: “Are you nuts??? Paying for apps???”
You: “Is there any other option?”
He: “Of course there is. You just have to jailbreak your iPhone”
You: “Jail? Break? What do you mean?”
He: “You let your iPhone out of Apple’s jail and then you can do whatever you like. Everything is accessible – the coolest games, the best apps, the most amazing wallpapers and themes – and you don’t have to go through iTunes anymore!”
You: “Wow, I’m going to jailbreak my iPhone!!!”

Credit: Vicky Woodward

What is jailbreak?
In the default configuration of every iPhone, a user can install apps (games, utilities, applications) only from Apple’s official app stores (like iTunes store).
Every app in iTunes store is reviewed and approved by Apple. This way, Apple can make sure that all the installed apps on iPhones (and iPods, iPads, Apple TVs) are harmless. They can make sure that no app in iTunes contains viruses, Trojans or other malware, for example. This is a strong security mechanism that protects the iPhone users.

However, it means that you can’t install apps that are not in Apple’s app store. Many apps are reviewed by Apple and disapproved for different reasons. Basically, every app that does not follow the policy of Apple is banned. For example, apps for donation of money to non-profit organizations are forbidden.
But still, how can you install such apps?
The answer is jailbreaking.

Jailbreak is the process of removing the builtin restrictions in iPhone that were imposed by Apple and giving a full control to the user. For example, the user can download and install any app, extension or theme he wants from non-Apple stores like Cydia store.
Developers of apps can bypass the policy of Apple for the development of apps, they can create almost any app they want and then distribute it through non-Apple stores, like Cydia.

We guess you got the idea – Apple puts restrictions on you iPhone, you can’t install whatever you want from wherever you want. Jailbreaking will set you free and now there are no restrictions on your iPhone anymore and you are free to install and run whatever you like.

What about unlocking your SIM-locked iPhone to use with another provider? Unlock software allow you to to use a SIM card from any provider but sometimes the unlock and jailbreak are bundled together so when you unlock your iPhone you also jailbreak it.

Is jailbreaking good or bad?
Actually we are not going to answer this question. It used to be illegal but not anymore (at least in the USA). Some are saying that after jailbreaking the iPhone, everything went much slower, the battery was exhausted quickly, the system became unstable and they could hardly operate it. Others say that it changed their life and now their iPhone can do amazing things.

So jailbreaking is legal, I can get tons of apps, I am the master of my iPhone – where is the problem?
The problem is, as usually in security issues, you – the human factor.
It is very easy to jailbreak an iPhone and you don’t really need to understand much about this process. Anyone can do it and it takes only couple of minutes. There are several methods for jailbreaking and you can find the popular ones easily.
And here is the catch – some methods for jailbreaking install a small software on your iPhone that is called SSH Service. This software gives you a way to communicate with your iPhone remotely and with full access to any part of the system. You don’t have to know what is SSH and what is a service and actually most of the jailbroken iPhone users never heard about it before.

However, this SSH service also opens a small window to the world…

Let’s try to simplify it by using an analogy – suppose you have a nice and well-protected house. You have doors, windows, steel grates and an alarm system that protects all the entries to the house. Now someone tells you that you if you remove the windows, doors and grates and disconnect the alarm system in the first floor, you will be able to walk freely into your house, you will see the view clearly and your cat will come and go as he likes.
Unless you live in an Israeli Kibbutz, your response will be – “are you nuts? everyone will be able to come inside, steal whatever they want, see everything I’m doing, eat my food and sleep in my bed.”

Did you ask the same question before you jailbroke your iPhone?
Probably not. Let’s see what can be the result of opening this small window in your iPhone.

When you connect your iPhone to the Internet via WiFi, for example using the Internet access in the airport, restaurant, train, coffee shop, hotel or university, every other user in this place can try to hack your iPhone remotely. When your iPhone is protected, it will be almost impossible to hack into it.
The SSH service on your jailbroken iPhone opens a small window to the world and now the nice guy in the first floor in your hotel can hack into your iPhone through the SSH service.

What can such hacker do? Everything!!!
He can read your documents, steal your bank/facebook/gmail passwords, see the pics and watch the naughty movies that you took with your iPhone…
He can read your sms messages and emails, eavesdrops your phone calls and track your GPS locations. He can install in less than a minute a tiny software that will send him every day all of the above and much more. And everything will be very stealthy – you won’t even know about it.

OK, relax, it is not so simple. Every SSH service has a password. So unless the hacker knows the password, you are protected.
Are you relived now? You shouldn’t be.
Every SSH service comes with a default password. For jailbroken iPhones with SSH service installed, the default password is usually ‘alpine’. When you jailbroke your iPhone, it was written somewhere in small letters that for security reasons you better change the SSH service password. Since most of the users don’t know what is SSH and why they even need it, they won’t bother to do it. And actually, even if they want, they probably don’t know how to do it.

To make a long story short, if you jailbroke your iPhone and SSH was installed and you didn’t change the default password – you can be hacked in seconds almost everywhere you go.
The funny thing is that it is very easy to hack into jailbroken iPhones using non-jailbroken iPhones and you don’t even have to be a computer geek to do it – we’ll see how to do it shortly.

What is the percentage of jailbroken iPhones?
The numbers are not absolute – there are different statistics from different sources.
According to Pich Media (2009), the percentage of iPhone users running their phones jailbroken is 8.43%.

More recent numbers are talking about 10-15%.
According to Chinese market research company Umeng (2011), 35% of iOS devices in China are jailbroken.

The distribution of the  jailbroken iOS devices in China is as follows:


Our field experiment
In order to understand better this phenomenon, we did an experiment in a small airport in Europe. It was a midweek day, around noon, where the airport was very quiet and not so busy.
We connected our non-jailbroken iPhone to the Internet via the free WiFi service and scanned the network. We found out that about 6% of the Apple devices had SSH service installed and waiting for remote connections. We tried to hack into them using the default password (in our experiment, once the default password was accepted, we logged out and disconnected immediately without violating the privacy of the user).
The result was amazing: about 80% of them where hacked immediately!!!
It means that about 5% of the iPhones in the airport were jailbroken with SSH service installed and a default password that was never changed.
We repeated this experiment in a small university and the results where about the same – 4-5% of the iPhones were jailbroken with SSH service installed and a default password.

It means that about 1 of 20 iPhones/iPads in use can be easily hacked and the most sensitive and confidential data can be stolen.

How to hack into iPhones?
In order to show how easy it is for every non-technical user to hack into iPhones around him (as long as they are connected to the Internet through WiFi), we will demonstrate this process using two free iPhone apps. It is important to mention that during the hacking procedure, the victim (the jailbroken iPhone user) is not aware to the hacking, he doesn’t see anything special on his screen and the whole process is stealthy and transparent. Our goal is to increase the awareness of the iPhone users to their security and privacy, and not to encourage hacking of iPhones, which is definitely illegal.

The first free app, Fing, can be downloaded through iTunes store. This app is used to scan a network and look for connected devices.
As you can see in the following picture, the app shows a list of devices that were found, and the name of their vendor.

List of connected devices

Every device in the list also has a number. For example, the last device in the above list has the number 192.11.228.154. This is its IP address. You don’t have to know what is an IP address. You just have to remember this number for the next step (for privacy reasons, all the real IP addresses that were used in this demo were changed to fake ones).

As you can imagine, all the Apple devices are good candidates for our demo.
Then, we use the same app to check whether these Apple devices have  SSH service installed. Basically you just have to click on each Apple device in the above list and you get the following screen:

Scan the device

Then you have to click on “Scan services” at the bottom and after couple of seconds you will get a list of all the open “windows” in this device (they are called ports). If you see an entry that says “22 SSH”, as shown in the next picture, it means that this device has an SSH service installed and ready for accepting remote communication.

SSH is open

You can repeat this process for every Apple device in the list and at the end you’ll have a list of devices, where each device has its own IP address (in our example, 192.11.228.154 was the IP of the last device).

Now we are going to use the second free app, Mobile Admin, which can also be downloaded from iTunes store.
This app lets you communicate with the remote SSH service.
Once you start it you get this screen.

Mobile Admin

Click on SSH and then click on “New Connection”.

Add a new SSH connection

In the next screen, in the Host box you should enter the IP address of the Apple device that you found (192.11.228.154 in our demo), in the User Name you should enter ‘root’ and in the Password you should enter ‘alpine’.

SSH connection details

Then you just have to hit Connect at the bottom of the screen.

A new SSH connection

On the next screen you should click “Accept Once”.

Accept the SSH connection to the iPhone

If this iPhone was configured with the default password, you should get the a black screen, where you see some text and a blinking prompt, like here.

It means that now you are the master of this device and you have full control over every part of its system. You can browse all the stored data in this iPhone. You can even change its default password…

How to protect your jailbroken iPhone?
If you have a jailbroken iPhone, you can use Fing to find your IP address. Just start Fing, let is scan (hit the refresh button at the top-right) and look in the list for the entry that says “You”. This is your IP address. In the following screen, our IP is 192.11.136.224:

Now use Mobile Admin as described above but enter your IP address in the Host box. Enter the User Name (root) and Password (alpine) as before and hit Connect.
If you get a screen similar to the following one, it means that your iPhone is not using SSH service. You are done here – you are protected.

No SSH service

If you get a screen similar to the following one, it means that your iPhone is using SSH service. But you still have to check that you are not using the default password. Click “Accept Once”.

If you get a screen similar to the following one, it means that your SSH service is not using the default password. You are done here – you are protected (as long as the password that you configured in the past is not weak).

If you get a screen similar to the following one, where you see some text and a blinking prompt, it means that your iPhone is using SSH service with the default password. Your iPhone can be hacked in seconds!

Now let’s change your default password.
Where you see the blinking prompt, type the following word and then click enter:
passwd

You’ll get a screen similar to the following one – you will be asked to enter your new password. Choose a strong password, write it, click enter. You will be asked to re-type your password. Type it again and click enter.

Then you should get a screen similar to the following one:

It means that your password was changed successfully – your iPhone is protected now!

© 2015 Brainstorm Private Consulting Blog Suffusion theme by Sayontan Sinha