What specific risks do iOS jailbroken devices present to a BYOD environment? Is there any way to detect if an employee's...
personal device has been jailbroken?
According to security firm F-Secure Corporation's Mobile Threat Report Q1 2014, 275 of the 277 new mobile threat families (or new variants of known families) it detected during the first quarter of this year were designed to infect Android devices. F-Secure only discovered one mobile threat targeting iOS, and it required the Apple Inc. device to be jailbroken in order to work. These findings mirror those of numerous other technology vendors, including Cisco, which reported that 99% of all detected mobile malware targeting its customers in January 2014 was designed to infect Android devices.
Although iOS seems to be an inviting target for hackers due to its huge user base, the fact is that Apple's rigid control over app distribution has kept the risk of users being infected with malware very low. There are only a dozen or so instances of iOS malware, and most of it only works on jailbroken phones.
Apple's model works well as long as users only download apps from the official Apple App Store or in-house enterprise app stores and don't jailbreak their phones. Jailbreaking is a form of privilege escalation, as it permits root access to the iOS file system and manager. These additional privileges allow a user to download programs not approved by Apple, as well as unlock carrier-locked devices so the phone can be used with other carriers. However, jailbreaking an iOS device compromises the security measures Apple puts in place to protect it. Also, it is not just the user who has root access on a jailbroken device, malware can also gain root privileges. This is why the vast majority of iOS malware only works on jailbroken devices.
So, to answer your question, a jailbroken device -- and potentially the corporate network to which it connects -- are open to attack by hackers. An enterprise BYOD policy should ban the use of jailbroken phones, and by using products such as Sophos Mobile Control, ESET Mobile Security for Business or Kaspersky Security for Mobile, administrators will be able to detect jailbreaks, blacklisted apps or insecure settings of devices connecting to the network, as well as block or quarantine them.
It is important to note, though, that jailbreak detection is not a perfect science. With that in mind, it is important to educate users about the personal and business risks associated with a rooted or jailbroken device. For example, bypassing digital rights management restrictions that stop users from sharing copyrighted media would certainly breach legal and compliance regulations. Also, devices should always be updated to the latest version of iOS, and desktops should run security software, as attacks to jailbreak a device can be launched from the machine a user docks it to. However, the easiest way for malware to get onto a mobile device is for someone to manually install it, so enterprises should promote physical security best practices, including screen locking, as this prevents anyone from changing settings or installing an app when the phone owner's back is turned.
Ask the Expert!
SearchSecurity expert Michael Cobb is ready to answer your application security questions -- submit them now! (All questions are anonymous.)
Learn more about locking down and preventing jailbroken devices.
View SearchConsumerization's guide on mobile device management.
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Michael Cobb
Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and... Continue Reading
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware ... Continue Reading