This post was published in 25/02/2012 and is currently obsolete. It is kept here for archiving purposes where some part of it are still applicable. Please stop messaging me to hack your girlfriends' phones.
Hacking iPhone SMS. Is a part of iPhone hacking for dummies.
The smarter your mobile phone is, the more hackable it becomes.
Abstract
I am not reinventing the wheel, this tutorial is provided as Informative and I do not hold any responsibility for missusage in your personal life by violating other people's privacies. The goal is to learn how to hack your OWN iPhone and extract the SMS database (as an example) in order to protect yourself and avoid being hacked by malicious intruders whenver you are connected to 3G or any other wireless connection.
You do not need to be a Hacking Guru, many times you can rely on other people's stupidity and bad configurations in order to achieve your goals.
Keep in mind the points below:
- We do not learn to hack, we only hack to learn :)
- We only attack for deffensive reasons
Most of us ignore that iPhones do have a default password 'alpine' for its 'root' unix based OS, this does not present any vulnerability as long as no external network/internet connection can be established. Whenever any remote connection server is installed (SSH, OpenSSH, ...), you should sit back, focus and change your password before even scratching your ass (or head....or whatever...).
It's important to note that this attack cannot be executed on jailed iPhones (non-jailbroken), because the moment you jailbreak your iPhone you are automatically wide opening a big security hole in your known as 'smart phone'.
Many times jailbroken iPhones are sold 'out of the box' with OpenSSH.
In our case, we are going to exploit a very common iPhone vulnerability when OpenSSH would be installed using Cydia after having kept 'root' default password 'alpine' unchanged.
Hacking Duration
20 seconds
Technical Difficulty
Very Easy
Requirements
- SSH or sFTP client
- Default OpenSSH installation on iPhone (or any SSH client on any type of phones).
Simple 5 steps
Step 1
Get your iPhone IP Address and use the below config to connect using sftp:
Host: sftp://iphone_ip_address
Username: root
Password: alpine
Step 2
If you receive a "host key is unknown" just ignore it by pressing Ok.
Step 3
Directory listing Successful : GOTCHA ! ! Now we are ready to play.
Step 4
Browse to the directory where the SMS database is present : /private/var/mobile/Library/SMS and download the file sms.db
Step 5
Open the SMS Database using your favourite SQLite browser, select the table 'message' and HOPP :)
I hope you enjoyed the cook for today, the upcoming tutorial will summarize how to recover files and SMSes whenever deleted from your smart device.
Leave a comment!