Why do people (and hackers) Jailbreak iOS & Root Android?
Hackers jailbreak iOS and root Android devices so they can unlock and control the OS and escalate to administrative privileges. Once they control the OS, they usually try to disable security protections. This leaves your app relatively defenseless and easy to attack.
Jailbreaking has a long history going back to pre-2008, when Apple didn’t have an AppStore. If you wanted “cool stuff”, you had to look outside Apple, or else you were relegated to running everything over a browser. Today, there are many reasons people jailbreak or root their mobile devices. Simply gaining greater control over a personally owned device, as a matter of philosophy, could be a driver. Others include increasing performance, tweaking the UI, or expanding the places where they can download apps from, just to name a few.
Jailbreaking and rooting of mobile devices is a very common practice in mobile development as well as mobile hacking. There are plenty of tools like Frida, unc0Ver, KingoRoot, Magisk, MagiskHide, malware, and cheat engines that make jailbreaking or rooting trivial. Recent studies, such as this one by Kaspersky, which tracked jailbreak/rooting by region, reported that somewhere between 10% and 40% of devices are either rooted or jailbroken. They also discovered that jailbreak/rooting was highly correlated with reports of successful attack/compromise (over 60%). In Appdome’s Annual State of Mobile App Security Review, we found that over 70% of mobile apps lack basic protection against jailbreaking and rooting. This all translates to a rather large attack surface with a high chance of success: a virtual goldmine for hackers.
But just like developers and users love to jailbreak and root mobile devices, so do hackers. Mobile apps operate in zero-trust environments. As a developer, you have little (or no) control over users’ devices. Any user can jailbreak or root their device at any time. Hackers use jailbreak on iOS and root on Android as the quick path to exploit your app.
Top 3 Reasons To Protect Apps From Jailbreaking and Rooting
- FULL ADMIN CONTROL — jailbreaking and rooting give hackers full control to perform system-wide operations on a device — full stop. They can modify the OS, run scripts that grab data stored in shared areas of the file system, and even compromise non-shared areas (like your app sandbox).
- DISABLE SECURITY DEFENSES — Once the device is jailbroken or rooted, the hacker has compromised the OS and gains administrative control over the device. This could make it impossible for users to use your app, or allow the hacker to present the user with false or malicious information.
- AUTOMATE MALWARE — Jailbreaking also makes it easier for hackers to deliver, update and automate malware attacks to achieve scale.
From Pegasus to EventBot
While a user typically jailbreaks or roots their own mobile device, this isn’t always the case. Remember the now-infamous Pegasus spyware from back in the day?
For this attack to work, an attacker simply sends an SMS message with a link to malware to a targeted iPhone. If the iOS version is 9.3.4 or lower, it’s vulnerable, and if the user clicks on the link, the malware is automatically downloaded and installed.
The malware jailbreaks the mobile device. It does this by taking advantage of three zero-day vulnerabilities. This allows the malware to gain access to information such as chat, mail, calendar, and social media. It then sends the details to the attacker. Pegasus can even be used to turn on the mobile device’s microphone and eavesdrop on conversations.
Fast forward to 2020, and now we have EventBot, the new new of mobile malware. It’s modular, automated, disguised, and designed from the ground up to be remotely updatable. Turning a blind eye to jailbreak and rooting nurtures a perfect environment for malware like EventBot to flourish because hackers rely on the ability to compromise the OS in order to deliver it.
No-code Jailbreak and Root Protection
Appdome’s no-code mobile development and security platform enables developers and security folks to protect any iOS or Android app against jailbreak/rooting without any coding at all. This enables your app to detect when it’s running in a compromised environment and defend itself.
Shutting down the app upon jailbreak detection or root detection is one option, but since blocking all jailbroken or rooted devices isn’t practical in many situations, there are alternative options. Instead of blocking, the user and/or administrator can be notified upon detection, or the app’s functionality can be degraded until the situation has been remediated.
Jailbreak detection and root detection are just two of multiple Appdome security features that can be selected when you build your app. Appdome offers other protections that I’ve blogged about such as anti-tampering and checksum verification that give your app an increased level of security, even when operating on a jailbroken or rooted device.
When you select the features you would like to build into your app from Appdome, you can pick root detection in the case of Android or jailbreak detection in the case of iOS. You can even disallow your Appdome-secured apps from running if the user has enabled “Allow app install from unknown sources” on their mobile device.
In addition to setting a policy-based response to jailbreak and root detection, Appdome includes a multi-layered approach to detect if a device has been jailbroken or rooted, including access violation detection, integrity checks and checksum validation. You can implement jailbreak/root prevention by itself or in conjunction with other Appdome security features, such as anti-tampering, encryption, and obfuscation. In summary, with Appdome you can increase the security of your app, build a layered defense with features that reinforce one another, and instrument automated response actions according to your specific security model or use case.
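One way to model the policy-based response described above, with several independent detection signals feeding a single decision (block, notify, or degrade). This is an added example, not Appdome's implementation; the signal names, the snapshot structure and the policy table are assumptions, and the sample data is constructed.

```python
import hashlib
from dataclasses import dataclass

# All names here are hypothetical; a real app gathers these signals on-device.
@dataclass(frozen=True)
class DeviceSnapshot:
    su_paths_found: tuple   # su binaries seen on the filesystem
    build_tags: str         # Android build tags, e.g. "release-keys"
    unknown_sources: bool   # "Allow app install from unknown sources" is on
    app_bytes: bytes        # app payload as loaded at runtime

SEVERITY = ["allow", "notify", "degrade", "block"]  # weakest to strictest

def detect(snap, expected_sha256):
    """Run each check independently so that bypassing one leaves the others."""
    signals = []
    if snap.su_paths_found:
        signals.append("su_binary")
    if "test-keys" in snap.build_tags:
        signals.append("test_keys")
    if snap.unknown_sources:
        signals.append("unknown_sources")
    if hashlib.sha256(snap.app_bytes).hexdigest() != expected_sha256:
        signals.append("checksum_mismatch")
    return signals

def respond(signals, policy):
    """Return the strictest action the policy assigns to any raised signal."""
    actions = [policy.get(s, "notify") for s in signals]
    return max(actions, key=SEVERITY.index, default="allow")

# Constructed sample data, not taken from any real device or app.
APP = b"constructed-app-payload"
EXPECTED = hashlib.sha256(APP).hexdigest()
POLICY = {"su_binary": "degrade", "test_keys": "notify",
          "unknown_sources": "notify", "checksum_mismatch": "block"}
CLEAN = DeviceSnapshot((), "release-keys", False, APP)
ROOTED = DeviceSnapshot(("/system/xbin/su",), "test-keys", False, APP)
TAMPERED = DeviceSnapshot(("/system/xbin/su",), "release-keys", True, APP + b"!")

if __name__ == "__main__":
    for name, snap in [("clean", CLEAN), ("rooted", ROOTED), ("tampered", TAMPERED)]:
        found = detect(snap, EXPECTED)
        print(name, found, respond(found, POLICY))
```

Because the checksum check runs independently of the root checks, a tampered app is still blocked even on a device where the root signals have been hidden.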
This blog is part of Appdome’s Mobile Security Basics category, which is appropriate for readers of any level to increase their Mobile security knowledge.
Originally published at https://www.appdome.com on August 2, 2020.