The Myths of Mobile Jailbreaking…

Ever since the beginning of the mobile revolution, device manufacturers and telecom carriers have sought very tight control of the terminals.

On the one hand, phone manufacturers argue that built-in safety measures such as encryption and restricted access to sensitive APIs are the only way to ensure the integrity of the software (including the firmware, the OS, and the apps running on top of the OS) and the privacy of its users. Carriers are also worried that rogue devices may be able to connect to their networks with unknown consequences.

On the other hand, hackers and free software advocates have been able to circumvent the security measures in the OS of these mobile devices. Finding and exploiting vulnerabilities in the OS to gain control of the terminal is often referred to as jailbreaking or rooting. There can be legitimate reasons to jailbreak or root a device: some users argue that they should be able to install any software on a device they own, or get rid of the apps bundled by the carrier or phone manufacturer. For instance, a popular firmware like CyanogenMod for Android requires the device to be rooted prior to installation. Obviously, jailbreaking can also be used to commit fraud or crime: for instance, to install a Trojan or keylogger on a device, breach the security of a corporate network, or remove the tracking function from a stolen device.

This tug-of-war has been going on for a while now and shows no sign of slowing down: hackers find a new vulnerability to exploit; security experts detect and analyze the exploit, then issue a patch … until the next exploit surfaces. This situation is very similar to what has been happening in the software industry for years between virus writers and security experts.

Three major reasons explain this never-ending game of whack-a-mole. First, the size of the code of a typical OS (millions of lines of code) and the constant need for new releases mean that there are always bugs that can be exploited. Second, there is always a delay between the active exploitation of a software vulnerability and the discovery and patching of this vulnerability by security experts. Finally, there is no bulletproof method to detect that a device has been rooted.

Generally speaking, the detection methods for rooting rely on finding specific fingerprints left behind by known programs that are used to root a device. The issue here is that these fingerprints can change with every version of the exploiting program, and sophisticated hackers can fool the detection program and hide these specific signatures altogether. In this respect, jailbreak and root detection is no different from anti-virus, and as we have seen in the world of anti-virus, the protection always lags the exploit and is often available only after the damage has been done.
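The signature approach described above and its blind spot, as an added example that is not part of the original post. The indicator lists are commonly cited root artifacts chosen here for illustration (the post names none), and the device snapshots are constructed sample data.

```python
"""Fingerprint-based root detection over constructed device snapshots."""
from dataclasses import dataclass, field

# Commonly cited root indicators (assumed here; the article names none).
KNOWN_PATHS = {"/system/bin/su", "/system/xbin/su", "/sbin/su",
               "/system/app/Superuser.apk"}
KNOWN_PACKAGES = {"com.noshufou.android.su", "eu.chainfire.supersu"}
KNOWN_BUILD_TAGS = {"test-keys"}

@dataclass
class Snapshot:
    name: str
    rooted: bool  # ground truth, known only because the data is constructed
    paths: set = field(default_factory=set)
    packages: set = field(default_factory=set)
    build_tags: str = "release-keys"

def fingerprints(snap):
    """Return the sorted list of known fingerprints present in a snapshot."""
    hits = [f"path:{p}" for p in snap.paths & KNOWN_PATHS]
    hits += [f"package:{p}" for p in snap.packages & KNOWN_PACKAGES]
    tags = set(snap.build_tags.split(","))
    hits += [f"build-tag:{t}" for t in tags & KNOWN_BUILD_TAGS]
    return sorted(hits)

def classify(snap):
    """Compare the detector's verdict with the ground truth."""
    flagged = bool(fingerprints(snap))
    if flagged:
        return "true positive" if snap.rooted else "false positive"
    return "false negative" if snap.rooted else "true negative"

# Constructed sample data, not taken from real devices.
SNAPSHOTS = [
    Snapshot("stock", False, {"/system/bin/sh"}, {"com.example.mail"}),
    Snapshot("rooted, known tool", True,
             {"/system/bin/sh", "/system/xbin/su"}, {"eu.chainfire.supersu"}),
    # Same privilege level, but the artifacts carry names the list lacks.
    Snapshot("rooted, unlisted variant", True,
             {"/system/bin/sh", "/system/xbin/example_helper"},
             {"com.example.manager"}),
]

def report():
    """Map each snapshot name to the detector's outcome."""
    return {s.name: classify(s) for s in SNAPSHOTS}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:26} {verdict}")
```

The third snapshot is the case the paragraph warns about: a clean result from a signature check is not evidence that the OS is trustworthy, so sensitive logic should not depend on it.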

So, what does it all mean? For mobile developers, it means that they cannot assume that the underlying OS they rely on to communicate with the device is not jailbroken/rooted.

With the growing realization that what needs to be secured is the data, not the device, the mobile industry is turning to secure containers to isolate the mobile apps from the (possibly compromised) OS. This reality is especially important as the BYOD movement is gathering steam in many industries, rendering device-wide security policies hard to implement.

While a container may, in theory, be rooted as well, it is a lot less likely, since the size and complexity of the code (the attack surface) is much smaller than that of a typical OS and the code is usually very stable over time. Of course, a secure container is only a piece of a wider end-to-end secure delivery system, but it is an essential piece that must be designed and implemented with care. Particular care must be taken to ensure that attacks directed at the runtime system of the OS (e.g., the Dalvik VM) do not compromise sensitive functionality like encryption. While this places a higher burden on the container developer, when devices are handling sensitive data, IT and end users should expect nothing less.

Find out how the Link solution can help you secure data and applications even on potentially jailbroken/rooted devices here.

– Frederic
