Last week the first iPhone “worm” hit the streets, or better said the pockets, of jailbroken iPhone Users. While that past worm was very begning, it merely “rickrolled” users, today a new worm hit. The new worm is called “Duh” or “Ikee.B”, and it uses the exact same vulnerability as the first one. The fix is thus identical – change the root password in the SSH application to something other than the default, which is “alpine”. SSH can be uninstalled or switched off when not in use, however changing the password once will solve all the current problems.

To change your root password and help prevent unauthorized access to your iPhone:

1. If you haven’t done so yet, install the MobileTerminal package using Cydia.
2. Run the Terminal app.
3. Type “su root” without the quotes and hit return.
4. Type the root password “alpine” and hit return.
5. You are now logged in as root. Type “passwd” and hit return.
6. Enter your desired new password. You won’t see the characters. Hit return and the iPhone will prompt you to retype the new password. Enter the new password again.
7. Type “exit” and hit return.

After you change your root password you should consider changing the password for the user “mobile” as well. This will further protect your data.

1. Run the Terminal app. You are now logged in as mobile.
2. Type “passwd” and touch return.
3. Type the mobile password “alpine” and touch return.
4. Enter your desired new password. You won’t see the characters. Touch return and the iPhone will prompt you to retype the new password. Enter the new password again.

Users who do not have jailbroken iPhones don’t need to worry about changing the default root password on their devices. SSH is not installed and there’s no terminal application to change the password.

Related Posts:

• January 28, 2010 -- History unfolding: Apple introduces the iPad (0)
• April 23, 2009 -- Solutions to all Aurora Feint II Tower Puzzles (62)
• April 8, 2009 -- Step-By-Step Guide to ReVirginize or Restore your iPhone/iPod (4)