Filed under: iPod Family, Security, iPhone
Secure Your iPhone: What's in that data file?
If you've hacked your iPhone for disk access, have you ever peeked at the dynamic-text.dat file in /var/root/Library/Keyboard? You might be surprised at the contents. All your personal words that don't show up in the default dictionary get stored in this file. If you're using a business iPhone, you may want to especially monitor this file. It's not a keylogger but there's a lot of personal data that ends up there.
Thanks NerveGas
Update: Yes, this does include passwords and yes, they are stored in clear text.
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 2)
yacoub said 4:07PM on 10-25-2007
Hey anyone else have issues with Installer.app today not being able to Refresh its resources?
Reply
Tom Elsa said 4:11PM on 10-25-2007
All this technology and they cant even stop a hacker yet.
Tom Elsa
NOW AVAILABLE: Mr Instability
On http://www.lulu.com
read reviews here
http://www.mrinstability.blogspot.com
Join me on myspace
www.myspace.com/tomelsa
Reply
Ben said 4:24PM on 10-25-2007
Whoa. Good to know.
Reply
Ryan Schmidt said 4:39PM on 10-25-2007
This is actually VERY VERY good news. Erica, I am not sure if you've ever used a blackberry before but I imagine you have. Couldn't an app be written that would write to this file just like AutoText on a blackberry does? For those of you that don't know what I'm talking about, AutoText is an app that allows you to add words to your dictionary.
The initial benefits of this would be that you could add words to it manually so that the phone wouldn't suggest "spelling corrections". Could this be able to do a full blown AutoText meaning substitute words for different words? e.g. I type "gotd" and then the phone changes that to "Go out to dinner"
Does any of that make any sense? No time to proof read. :)
Reply
Jeremy said 4:55PM on 10-25-2007
Oh, wow. This is a problem. That file contains all sorts of things I've typed, INCLUDING PASSWORDS.
It doesn't contain ALL passwords I've typed, so obviously there is some kind of logic to exclude them, but it is far from entirely effective.
Reply
badtzmaru said 5:04PM on 10-25-2007
HA.
And Apple is concerned about 3rd parties developing apps that could affect the network or the iPhone.
Smart. Real Smart!
Reply
Jordan said 11:29PM on 10-25-2007
Wow! Yeah, many of my passwords were here as well. Definitely have to watch out for this. I agree, badtzmaru -- the threat isn't outside developers, it's apple!
Reply
thanhyboi said 5:13PM on 10-25-2007
so how exactly do we secure ourself if we've hacked the iphone already? do we occasionally go into this folder and delete whatever is in there? serious question. thanks!
Reply
Fritz Laurel said 5:26PM on 10-25-2007
Holy crap! That's a HUGE security hole!
Reply
Antonio said 6:02PM on 10-25-2007
Indeed it could be a serious problem, and there are some other apps affected... I wrote about this issue a few days ago at my personal blog, so if any one wish to take a look at some more details just visit this automated translation:
http://translate.google.com/translate?u=http%3A%2F%2Fwww.zurco.org%2Fagujero-de-seguridad-en-el-iphone%2F&langpair=es%7Cen&hl=es&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools
The original one in spanish is here:
http://www.zurco.org/agujero-de-seguridad-en-el-iphone/
Best regards.
Antonio.
Reply
Fraggle said 6:16PM on 10-25-2007
Well if you have Jailbroken you'll more than likely still have ssh running. either disable ssh. or type passwd after loggin in to swap your password for login.
Any other tips.. Maybe modifying the file so it cannot be written to? time to play..
Reply
Antonio said 7:07PM on 10-25-2007
I'd more worried about any kind of non open source application getting out by FTP or any other way that file away our iphones, and without having ourselves any clue about it.
Remember that applications dont ask for permission to open an internet connection...
Reply
Mo said 6:47PM on 10-25-2007
Dear Apple,
Please make the iPhone's keyboard dictionary smart enough to learn everything I type and store that somewhere, preserving the information across crashes, reboots, etc.
Please also make the iPhone completely open to developers and interested people to poke around with.
However, please make it so that the file that stores the keyboard dictionary isn't accessible to people who've got SSH/SFTP, or any other third-party stuff running on their iPhones, without pissing off anybody who might want to be able to access that file for legitimate purposes, such as a utility which ensures your Mac's custom spelling dictionary is synced with the iPhone's (actually, iTunes should just do this on its own as part of the sync).
Please also supply me with the moon, on a stick.
kthxbye,
Mo
x
Reply
Techslacker said 10:58PM on 10-25-2007
Now this is funny...people claiming this is insecure but apparently missed the part where it requires you to hack the phone to get to it. Don't hack the damn phone and guess what it's not such a security issue any longer.
Don't get me wrong the idea of data like passwords stored there doesn't sit well with me but it is what it is...don't hack the phone and control access to it and you won't have as much to worry about.
Reply
Catch said 10:11PM on 10-25-2007
Well this is really not a problem if you are using secure passwords. Based on what I see in my file it looks like it only grabs things that are close to words it knows. If you are using a good secure password it will never pick it up in there.
Also if you have used ssh for the symlink hack on 1.1.1 jailbreak make sure that you did not keep the default password that the GUI gives you. Moral of the story is, in every case strong passwords are your friend.
Reply
John Cleary said 11:23PM on 10-25-2007
Ok.. I'm stressing. I sold my iPhone. Does anyone know if /var/root/Library/Keyboard gets reset when you do a 'delete all data' off the iPhone on the phone itself?!?
Am I really going to need to change about 4 passwords?
Anyone??
Reply
John Cleary said 11:34PM on 10-25-2007
Does anyone want to test a delete all data for me??? please?? :(
Reply
starkruzr said 12:01AM on 10-26-2007
This is really not hard, guys. Change your root and mobile passwords.
Reply
John Cleary said 12:11AM on 10-26-2007
But what happens when you sell / loose you iPhone?!
Reply
harrywolf said 1:00AM on 10-26-2007
Didnt know where else to post this, but I have a 1.0.2 iphone running the 04.01.13_G modem firmware, fully unlocked to Rogers Canada, everything works.
Had trouble with 1.1.1 so I downgraded back to 1.0.2 but ended up with this odd mixture.....
Is this OK? It certainly works well.
Reply