How to secure a jailbroken iPhone
Rick Astley is stalking you
Just to be clear, Rick’s far too nice a bloke to stalk people. But his flawless image has been appearing uninvited on jailbroken iPhones around the world after a couple of different hackers demonstrated a gap in the device’s security when it’s been freed from iTunes.
The exploit is found in the iPhone’s (and iPod touch's, so non-phone users should pay attention, too) SSH system. SSH stands for ‘secure shell’, and is a protocol that allows you to access your iPhone or iPod touch from your computer, move files back and forth, and execute commands.
Pretty useful, really, except most people haven’t changed their SSH root password from the factory default, and that’s how the hackers have been getting in.
You’ve got two options for locking the door again after jailbreaking your iPhone. You can change the root password to something unique, or you can switch off SSH within the iPhone. Or, if you’re particularly security conscious, you can do both.
Here’s how.
 |
|
| There are actually two passwords to change in the SSH settings. We’ll begin by changing your mobile password. Since you’re already jailbroken (right?), open Cydia and search for an app called MobileTerminal. Install it, then reboot your device. |
 |
 |
|
| Launch the MobileTerminal application and type the following command: passwd It’ll now ask you for the old password, which is the factory default one: alpine Type it in. |
 |
 |
|
| Now enter your own, unique mobile password, and retype it when prompted to make sure everything matches up. Make sure you store these passwords somewhere, as you’ll need them if you use SSH (might I suggest you install Keepass on your computer for storing all your passwords?) |
 |
 |
|
| Now we’ll change the root password. Type in the following command: login Enter the login name as: root and the password: alpine |
 |
 |
|
| Now you have root access, we can change the factory default root password. Type the following command: passwd Enter your new password, then retype it for authentication. And that’s it – you’ve now changed the default passwords and secured access to your device’s SSH system. Fancy a bit more control over SSH, just to be sure? Read on. |
 |
 |
|
| The next step isn’t completely necessary, but here’s a simple method of disabling SSH altogether when you’re not using it. Launch Cydia again, and do a search for an app called SBSettings, and install it. This is a great app that you’ll get loads of use of anyway, so even if you don’t care about disabling SSH, you’re still advised to install SBSettings. |
 |
 |
|
| We won’t get into the details setting up of SBSettings here (that’s for another tutorial), but launching it by swiping across the task bar at the top brings up the control panel for the application. You’ll see one of the default toggle buttons is for SSH. Just tap it to switch SSH on and off whenever you need it. Simple and secure! |
 |
