I was considering buying an iPhone to replace my personal cell phone. But it looks like a few security shortcuts were taken during the development of the OSX software used in the iPhone.

It appears that Apple has chosen to run user applications effectively as UID 0. This means any application (especially with input control) can execute arbitrary code. Literally anything is possible.

It also appears that the root account is enabled and to make matters worse, the root password is already in the wild. The password is “dottie” by the way. One other account, mobile, has also been compromised. The password is “alpine”.

So roughly one million Internet connected iPhones have been sold and are ready to be compromised. Perhaps I should buy one so I can join the iPhone security Armageddon…or I can just easily hack it for my own needs.