[Hacking For Dummies] Breaking into iPhone SMS Database
Hacking iPhone SMS. Is a part of iPhone hacking for dummies.
The smarter your mobile phone is, the more hackable it becomes.
I am not reinventing the wheel, this tutorial is provided as Informative and I do not hold any responsibility for miss usage in your personal life by violating other people's privacies. The goal is to learn how to hack your OWN iPhone and extract the SMS database (as an example) in order to protect yourself and avoid being hacked by malicious intruders whenver you are connected to 3G or any other wireless connection.
As a brief, this document is about hacking and exploiting iPhone vulnerbilities in order to extract the iPhone user's SMS database. You do not need to be a Hacking Guru, many times you can rely on other people's stupidity and bad configurations in order to achieve your goals.
Keep in mind the points below:
- We do not learn to hack, we only hack to learn :)
- We only attack for deffensive reasons
Most of us ignore that iPhones do have a default password 'alpine' for its 'root' unix based OS, this does not present any vulnerability as long as no external network/internet connection can be established. Whenever any remote connection server is installed (SSH, OpenSSH, ...), you should sit back, relaxe and change your password before scratching your ass (or head....or whatever...).
It's important to note that this attack cannot be executed on jailed iPhones (non-jailbroken), because the moment you jailbreak your iPhone you are automatically wide opening a big security hole in your known as 'smart phone'.
Many times jailbroken iPhones are sold 'out of the box' with OpenSSH.
In our case, we are going to exploit a very common iPhone vulnerability when OpenSSH would be installed using Cydia after having kept 'root' default password 'alpine' unchanged.
- SSH or sFTP client
- Default OpenSSH installation on iPhone (or any SSH client on any type of phones).
Simple 5 steps
Get your iPhone IP Address and use the below config to connect using sftp:
If you receive a "host key is unknown" just ignore it by pressing Ok.
Directory listing Successful : GOTCHA ! ! Now we are ready to play.
Browse to the directory where the SMS database is present : /private/var/mobile/Library/SMS and download the file sms.db
Open the SMS Database using your favourite SQLite browser, select the table 'message' and HOPP :)
I hope you enjoyed the cook for today, the upcoming tutorial will summarize how to recover files and SMSes whenever deleted from your smart device.