I came across this post on BassHero.org with some tips about stopping someone from exploiting a hole in the Nokia N9 developer mode which could potentially allow hackers to get into your phone using the default password - passwd (lol). Yeah its that simple but this is not necessary if you do not enable developer mode on your Nokia N9. To check, go to Settings -> Security -> Developer mode and make sure its not BLUE. Otherwise follow these instructions to secure your device from hackers whilst using developer mode.
There are a few things that can be done to improve security on the phone after developer mode.
- Make sure root cannot log in through SSH:
/etc/ssh/sshd_config, change the item '
PermitRootLogin' to '
- Change the default port where SSH listens
/etc/ssh/sshd_config, change the port on line '
Port 22' to a port of your choice.
- Change root password
As root, type '
passwd' and type new password twice.
Note! Don't forget your new root password!
- Set 'user' password (to enable login with 'user' through ssh)
As root, type '
passwd user' and type new password twice.
You can either do these changes by opening the terminal and changing to root or log in as root via SSH. To change to root in the terminal, you can use the command (typing the root password at the password prompt):
After these changes, either reboot your phone or do the following:
- Kill the session "/usr/sbin/sshd -D -4" with the command:
pkill -o sshd
- SSHD will respawn automatically.
SSH daemon should be listening on the new port now, with root login disabled over SSH.
A few notices!
- If you do development, I'm not sure how making these changes affect the way the SDK tools work. But, reversing the steps should put the situation back to as it was before it some development tool doesn't integrate with the device any more.
- Do not enable developer mode unless you are doing development or like to play around in the Linux core. There be dragons..