Secure your jailbroken iPhone with a password change

So, you’ve jailbroken your iPhone, for whatever reason—because you want some functionality that’s not available from Apple, or because you’re a rebel—but you’re feeling a little wary after this week’s announcement of not just one but two exploits that affect jailbroken iPhone.

Not to worry. For one thing, neither exploit appears to be widespread. For another, both rely on the same assumption: that you haven’t changed the password for the ‘root’ superuser on your iPhone. Root is basically the iPhone's administrator account, and it has access to everything on the phone, which is why Apple doesn’t enable root access by default. Still, changing the password is pretty easy, and it will greatly enhance your security overall.

Presuming you have access to the Cydia repository, you can download the free MobileTerminal application, which gives you command-line access to your iPhone. Once you’ve installed the program, fire it up and follow these steps from the prompt.

  1. Type su root and hit return. This command means you’re requesting to log in to the root account.

  2. You’ll be prompted for root’s password which, by default, is alpine. Enter that and hit return.

  3. Now that you’re logged in as root, type passwd and hit return. This launches the command-line password-changing program.

  4. Enter the new password, making sure to choose one that’s hard to crack or guess—here are some suggestions for coming up with a strong password. Keep in mind that for security reasons, the passwd utility doesn’t show the text you’re entering.

  5. You’ll be asked to verify the password by retyping it. Make sure to enter it exactly the same way, or the password changing will fail.

  6. Once you’ve successfully changed the password, you’ll wind up back at a command prompt. Type exit and hit return to logout of the root user.

That’s it, you’re all done. Now you can go back to the Home screen, secure in the knowledge that your iPhone will remain free of Rick Astley wallpaper—well, unless you decide to put him there yourself.

Update: The mobile user, which is the default user on the iPhone, has access to all your data and also has a default password of alpine. You can launch MobileTerminal and follow steps 3 through 6 to change mobile's password (you'll be prompted to enter the old password before you can change it).

Subscribe to the iOS Tips & Trends Newsletter

Comments