Jailbroken iPhone owners, you've already been warned this week
with a different hack. This one uses the same "vulnerability" to "rickroll" the homescreen of jailbroken iPhones.
To "rickroll" someone is to intentionally redirect them to a video of "Never Gonna Give You Up" from one two-hit-wonder 80's pop "superstar" Rick Astley, but it's also used for a variety of Astley-ish stunts. Thus, this one, in which a hacker named "ikee" hacked into jailbroken iPhones to replace their home screen with a Rick Astley background.
Just as with the hack we wrote about earlier, it has to do with the fact that as SSH is generally enabled on jailbroken iPhones, if you don't change your default root password, you will be vulnerable. This is really no different than how people don't change their router password either. Just as with many routers, the default password used by Apple is well-known (alpine).
This and the earlier hack leverage the fact that many fail to modify that password. The first hack tried to blackmail users into giving the hacker €5. The second "rickroll" hack is actually more of an experiment (according to the writer), who freely gives up information on removal
That doesn't mean the "rickroll" hack isn't pervasive. Once an iPhone is infected it looks for others to infect.
For once, Apple's warnings about jailbroken iPhones is correct: they can
be more vulnerable. That isn't necessarily the case, however. It's not that hard to secure your jailbroken iPhone; you just have to remember to do so.
There are two ways to secure your jailbroken iPhone. You can turn off SSH when you are not using it (SBSettings is a well-known app for jailbroken phones you can use for this), and / or you can change your root password. For that, you can use MobileTerminal (another well-known app).
It's six of one, half dozen of the other. Jailbreaking gives you access to tons of functionality that you can't normally access. It also usually opens up some issues, including bugs and security holes.