In this post we'd like to tell you few interesting iPhone hacks
that could be used for logging into someone other's iPhone and browsing it as well as for some cute little pranks. It's up to you to decide how to use those hacking possibilities.
Many people think that iPhone is for blondes. Yes, blondes really like it but the device is operated by fully functional Unix-based OS. The mobile iOS is based on desktop version of OS X, which init's turn is a modern version of NeXTSTEP BSD-family system appeared back in 1986, five years before Linux kernel.
Apple's engineers deleted almost all the console utilities from iOS, but in case of installing of OpenSSH on a hacked iPhone you also need to install a package with BSD-environment. Now meet the old friends - curl, scp, zsh, tar, bzip2 aaaaand, guess who? - gunzip!
Like in any other Unix-based system iOS has superuser under name root and standard password - alpine. Six letter in lowercase - a very bad idea for root password. But don't be afraid until your iPhone is not hacked (jailbroken
) because until it's clean there's no place to enter this login and password. So it's better for you to check your root password to any other you'd like. Once you're protected, let's start the fun!
For detecting your potential victim you need to be connected to Wi-Fi. Now we need to run a nmap scan. Just run scanning as usual, for instance:
nmap -O 10.0.0.*
and you'll see such data among other hosts:
Not shown: 1714 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: XX:XX:XX:XX:XX:XX (Apple)
Device type: phone|media device
Running: Apple embedded
OS details: Apple iPhone mobile phone or iPod Touch audio player (Darwin 9.0.0d1)
Sure, the scanning process with -O key is very long and boring process, so there's a little automation cheat. Hacked iPhone runs not only sshd but mDNSResponder (Zeroconf by Apple) as well. That means that device tells everyone about the services offers on startup. So you just have to run SFTP-client with Bonjour support, and he'll let you know when the new host appears online.
Now you know how to hack someone's iPhone and search for useful data, but how does it look like? They can be stored as is, in .plist files or SQLite bases. How to get them? Read the second part of Funny and Useful iPhone Hacks