Jailbreakers Who Don't Change SSH Password -- There's a Rickroll for That


For iPhone Jailbreakers using SSH to access their devices, but who haven't changed their password from the default, getting Rickrolled by a worm may be annoying, no worse than getting held for ransom by a hacker, but it's a sign that far more insidious and malicious attacks are possible -- so change those passwords now!

Back to the Rickroll. TUAW reports:

A hacker, going by the name "ikee," created a worm that changes the home screen background on jailbroken iPhones whose owners failed to change the default password after installing SSH.

And the new background is, of course, Rick Astley. While removal details are included in an interview with the hacker, it's better to be safe than sorry. So, check our iMuggle's tutorial on how to change your SSH password, and change it right away.

Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!

Rene Ritchie

EiC of iMore, EP of Mobile Nations, Apple analyst, co-host of Debug, Iterate, Vector, Review, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.

More Posts



← Previously

Apple Issues Apple TV 3.0.1 Update to Fix Disappearing Content Bug

Next up →

iPhone 3G/3GS to be Sold at The Shack

Reader comments

Jailbreakers Who Don't Change SSH Password -- There's a Rickroll for That


Why would you waste your time commenting on a "sad little loser"? Its basically just promoting security, and informing those that susceptible to fix their hole.

@ Joe mcg
cause it's effing hilarious. If that happened to me, and I just suddenly had Rick Astly as my background, I would die laughing.........and then immediatly change my password

Congrats Pablo, your a jerk!
On topic, this is quite scary and as JD says it would be beest if pwnagetool/redsn0w/blackrain or hell even cydia forced a password reset.

I think it's great that the hackers currently exploiting this lack of security seem to have a great sense of humor about it. @Ben Gillam that isn't a bad idea, Cydia would be in a great position to vocally recommend people to change their passwords. I know that while I always have my SSH off, I never changed it's default password until the hijack was reported last week. The awareness is working!

Cool, I've been searching all over for a good Rick Astley wallpaper. I'm changing my password back to alpine now.

...LOL @ Fastlane...maybe I'm too tired but, your comment induced a 15 minute laughing spree during which I almost choked to death...thanks, man, you made my day. Rick mutha freakin' Astley...LMAO.

Speaking of root passwords, I installed Ubuntu the other day using Wubi, and Wubi refuses to allow you to install without setting up a root password.

Pretty funny if you ask me... I think it's a good way to point out the issue without causing any real damage.
Realistically the person could have done much more insidious things.

MADNESS! Iphone sends personel information to the developers of certain apps.
Click my name and check the full story!!!!!

Ok. Found this on tiib
So, what’s SSH?
The first thing you would like to know is what SSH is. SSH stands for secure shell that is commonly used in Unix/Linux environment. You can use SSH to access a remote a computer and execute commands from another machine that may be miles away. Additionally, you can use it to transfer files to the remote computer, just like FTP. I’m not going to dig deep and throw out all the technical details about SSH. But just remember, SSH is a tool that lets you access machine or devices remotely. Here, the device is your iPhone.

Count me in as thinking it's hilarious. But I wonder, why has it taken people so long to decide to do this crazy simple hack? Jailbreak has been around for over 2 years! Maybe it's just certain European providers where the 3G smartphones all show up in a particular IP range accepting incoming SSH connections?

Wow. The iphone weaknesses keep coming out of the woodwork. I'd just avoid the thing all together. Too much suckage.
Congrats on being the first smartphone with a virus.

@Thor E
how is this an iPhone weakness? This affects people who jailbreak their devices, something apple clearly does not endorse.

At least ikee didnt change everyones ring tone to 'Never Gonna Give You Up'.... Now THAT would have been a horrible hack.

Will changing the SSH PW impact future Jailbreaking or installation of any JB apps? Do any of these need the root PW to install?
Simple tutorial and very easy to change by the way.

Ok, so i've been rickrolled! Not funny when it happens to you. So can anyone point me in the right direction to get this removed, I have changed my root PW and it is still there, need help pls.

Me pointing out that mobileterminal doesnt work on 3.1.2 serves the purpose to let others know who are running that firmware not to think there is a problem. I tried to boot up MT a dozen times and it would always crash and made the effort to find a fix to realize it doesnt work on 3.1.2.

I haven't been able to get terminal to launch since 3.1.4 on my 3G Since I have my iphone 4 terminal doesn't even work... Terminal keeps crashing and I can't even change the password.

Reason #4782 to not get an iPhone.
Personally, HTC is my favorite company. Anything but Apple. I'm an adult, I already have parents and I don't appreciate the short leash Apple and almost all cellular networks throw around my neck by restricting or flat out denying me the right to do whatever the hell I want with or to my 600+ dollar phone/gadget...besides, Apple is overpriced, overrated and disgustingly trendy...85% of iPhone owners don't use all the phones features...also, if you want to video call/conference one or more friends, everyone must use Facetime, meaning EACH of you MUST have an iPhone 4...something fishy going on...