Editorial

The war between security and convenience

News

iOS diagnostic services, their uses and protections, outline by Apple in response to 'backdoor' allegations

Editorial

Apple: No backdoors created for NSA

News

Apple blocking older versions of Flash after yet another security exploit

News

UK government set to rush through emergency surveillance legislation

News

UK officials follow US counterparts by banning electronics with no charge from boarding flights

Accessories

Apple's security lock adapter will chain your Mac Pro to your desk

Apps

Not only is Yo stupid, it's now also a security risk

How to

How to use your Photo Stream as the screen saver on your Apple TV

News

Apple confirms iCloud breach not the reason behind Apple ID hijack

iPhone

Bizarre Australian iPhone, iPad hijack serves as yet another reminder to use unique passwords

Editorial

Using strong passwords and keeping your online self secure

Apps

OS Experience for jailbreak brings Mission Control to the iPad

News

New cases promise to protect your iPhone from hackers...somehow

News

First smartphone 'kill switch' bill in the US passed by… Minnesota

Apps

Slices brings multi-account management to your jailbroken iPhone or iPad

News

Bitly alerts users of widespread account compromises, claims no accounts have been accessed

iOS

Apple is aware of iOS 7 mail attachment bug, working on a fix

Apps

John McAfee's Chadder aims to keep your crazy messages private

Apps

Best jailbreak themes for iPhone: Ayecon, Flat7, Zanilla, and more!

Pro Tips: How to Secure Your Jailbroken (or Regular) iPhone Against Hackers

macbook_stop_jailbreak

The Jailbreak and Unlock wizards behind the iPhone DevTeam are off to DEFCON 17, the security/hacking convention that juxtaposes Black Hat 2009, and have provided a set of tips to help those at the conferences (or anywhere really) avoid getting their iPhone hacked into. The tips are really targeted at Jailbroken iPhones, but some cross over to regular iPhone users as well.

Disable all your login cookies in Safari. If you use the hotel or conference wifi, it is 100% guaranteed that your traffic will be sniffed. If you allow a web site (like twitter.com) to store your login info in a cookie, and if you connect to that site through a normal http connection, your login info will be exposed. At the very least, you'll end up on the Wall of Sheep. But you'll be giving up your password to anyone else sniffing too.

They also advise avoiding any public Wi-Fi at hotels, conference centers, airports, etc. (and to tether instead), and either uninstalling or disabling SSH access, or at the very least changing the root and mobile password from Apple's default.

They also provide their suggestions for talks that might interest the iPhone jailbreak community. If anyone attends, let us know how it goes via our iPhone Jailbreak and Unlock Forum. And If you have more pro tips, send them our way!

Rene Ritchie

Editor-in-Chief of iMore, co-host of Iterate, Debug, Review, The TV Show, Vector, ZEN & TECH, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.

More Posts

 

0
loading...
0
loading...
0
loading...
0
loading...

← Previously

TiPb Give Away: Cellar Digital Wine Showcase for iPhone

Next up →

iTunes Alternative Spotify Submitted to iPhone App Store

There are 17 comments. Add yours.

Caballera says:

Ugh, so how do I disable Login cookies, I don't see it in the Safari settings. Also how do I uninstall SSH? I'm using a non-jailbroken iPhone.

nfrederick says:

The best tip for keeping your iPhone secure is turning it off and keeping it off at all times, it makes it somewhat difficult to use, but there is no better protection.

Max Arroyo says:

good advice big daddy
Lord I miss Michael Jackson

Dryland says:

Wonder if we'll ever see an iPhone security app like Norton or McAfee.

Muero says:

@Caballera
The cookies settings are right there in the settings for Safari. If you can't find them, you're not looking. As for SSH, you can't install SSH unless you're jailbroken, so you wouldn't need to worry about it anyway.

Brad Zimmerman says:

SSH is one of the world's most secure, most well-tested and well-probed methods of transferring data. There is absolutely no reason to disable SSHd. However, leaving the root and mobile passwords unchanged is completely barmy. As one would for any point of access that gives significant control, SSH users are advised to pick strong passwords.
As for use of public and monitored WiFi: duh. Tunnel your connections, use https, etc. Or don't enter compromised, highly-monitored, actively probed environments thinking that you are safe. This is very standard stuff.

SpiceRak2 says:

You would be surprised how very little the average person knows about wi-fi security or internet security, for that matter. "Standard"...is turning the phone on/off. Everything else is technical for many, many users. Who but a technically skilled person would casually drop the phrase, "actively probed environments"?

W. Thoms says:

What if you are on 3G, not WiFi?

Alvin says:

This is a very useful and informative post for those iPhone users who always connect to the Internet through public wifi spot. They should not connect to the free wifi just to save their 3G bundled data.

Mentalikryst says:

@W. Thoms: I believe that SSH would work over 3G (depends on what the carrier blocks/allows) because SSH is also used for traffic over the internet. You can use SSH, and many do, just CHANGE YOUR FRIGGIN PASSWORD!!! And install the SB Settings toggle for SSH so you can turn it off when you are not using it. As long as you think about your iPhone being a castle, and SSH being the main gate into the castle, you should be fine. Close the gate when you are not using it...

James says:

There is absolutely no reason to disable SSHd. However, leaving the root and mobile solarhotwatersystem.net passwords unchanged is completely barmy. As one would for any point of access that gives significant control

Mikey says:

How do you change your root SSH u/p?

Mikey says:

And how do you change your iphone safari settings for that matter? Are these controlled externally via itunes?

Josh says:

People, google is very useful tool. Search what you are looking to do and you will definitely find answers. It's much easier than watching a forum and waiting for someone to spoon feed it to you. If you don't know what you are doing in the first place, you probably shouldn't jailbreak your phone at all :)

poweruser says:

Exactly my thoughts Josh! And for Mike's questions... iPhone Safari settings? How about going into your iPhone settings section (SETTINGS icon on your main screen) and scroll down and click on SAFARI submenu? I'm sure you'll work your way from there ;)