The passwords were extracted from an official Apple iPhone restore image, which you can download for free. To extract and see its contents, rename the file to .zip extension and then unpack it. The archive contains two .dmg disk images: a password encrypted system image 694-5262-39.dmg and an unencrypted user image 694-5259-38.dmg. Hacker managed to discover from the unencrypted image that all iPhones shipped with predefined passwords to ‘root’ and ‘mobile’ accounts, complete with the passwords hashes which is encrypted with insecure 64-bits encryption system. This is enough for password cracking utility such as John the Ripper, commonly used to recover Windows password to reveal the actual decrypted password for root and mobile account.
So now we have the password for these 2 accounts in iPhone firmware, both a simple 6 letter words in all lower case characters
But what’s next? Nobody knows how to use these passwords yet, as iPhone has no console or terminal access, and runs no service such as SSH, so there is no way to log in as either account. May be hackers can run the iPhone restore image in virtual image to simulate an iPhone to further crack the firmware to unveil hidden features or functionalities, or add in more software, and then repack the restore image to flash into iPhone. But at this technical level, the hackers will be easily gain access into internal structure of iPhone without the cracked passwords.
So meanwhile, just keep the 2 passwords for root and mobile, just in case iPhone crackers really make some headway, or there is surprise from Apple.