iPhone Vulnerabilities: The Password is "Dottie"


Hackers and security researchers have already found a nice collection of vulnerabilities in the iPhone, including an overflow issue in Safari that could allow unsigned code to infect the phone.

The best vulnerabilities, however, are the two passwords found in the firmware, one of which gives applications root access:

Among the advances made to date, hackers have discovered the password the iPhone requires to give an application root access is, amazingly, “dottie” (minus the quotation marks). A second password for mobile access is “alpine.”

The passwords were remarkably easy to learn. Researchers posting in a forum on Hackintosh first downloaded the file that iTunes accesses when a user wants to restore the iPhone software. A simple run with John the Ripper, a popular password cracking program, on one of the files contained in the download and the passwords became public knowledge.

Bloops!

iPhone hackers disclose vulns and hunt for clues [TheRegister]