Recently, a piece of iOS malware by the name of Keyraider stole the account information of over 225,000 Apple device users, along with thousands of certificates, private keys, device IDs and purchasing receipts. It’s possibly one of the largest malware attacks suffered by the platform in history, and has already impacted users in over 18 countries. In addition to downloading massive amounts of data, the malware’s distributors have also used it to hold devices for ransom.
Interestingly, but unsurprisingly, Keyraider targets only jailbroken devices.
Although jailbreaking and rooting give a device’s user more freedom, they also completely undercut the integrity of the device’s security, according to TechCrunch’s Sarah Perez. Since jailbreaking involves tweaking and disabling built-in security protections, jailbroken devices are far more vulnerable to hackers and malware. The reason for this is simple: any given jailbreaking tactic is, at its core, an exploit that disables or bypasses the integrated security capabilities of the native operating system.
There is an interesting corollary to the second of Microsoft’s 10 Immutable Laws of Security here: “if a bad guy can alter the OS on your computer, it’s not your computer anymore.” In this case, “If a third party convinces you to alter the OS on your computer, then sooner or later it won’t be yours anymore.” By jailbreaking a phone, users are altering their device in a similar fashion to an attacker, pre-emptively handing their device over to a “bad guy.”
It doesn’t take much to imagine why this might be a serious concern in an enterprise setting.
Why Jailbreaking Is Bad For Business
Although the distributors of Keyraider were only interested in stealing user data, what’s to stop a hacker from targeting jailbroken devices within an organization? What’s to stop a criminal from stealing trade secrets and sensitive information instead of App Store passwords and receipts?
Nothing, warns Gartner, especially given that jailbreaking makes it easier to bypass containerization.
In order to protect your organization and its data, it’s imperative that you educate employees on the dangers of jailbreaking or rooting their devices. Explain to them how a jailbroken device puts your organization at risk, and make it clear how jailbreaking can compromise not just your business’s data, but their personal data as well.
Of course, such lessons can only go so far. It’s practically an unwritten rule of IT security that a user will eventually do something you don’t want them to do. And in this case, that involves jailbreaking their devices in spite of your instructions.
So, to sum up, we have three related takeaways from the Keyraider story:
- Malware can readily compromise a device that’s been rooted or jailbroken. Therefore…
- It is imperative that you implement security awareness training for employees. However…
- Some employees will always make mistakes, so jailbreak detection is necessary as an additional layer of defense.
Jailbreak Jammers and You – How to Prevent User Efforts to Avoid Detection
Some users take things beyond simple ignorance and attempt to camouflage themselves via a jailbreak jammer. These tools, according to Mobile Security Labs, allow the users of jailbroken devices to dodge jailbreak detection. This in turn allows employees to use said devices in an otherwise secure setting, putting your business’s data at risk.
Not all MDM and EMM applications are capable of detecting and overriding jailbreak jammers, either. In order to effectively deter users from jailbreaking, you need to use multiple, advanced jailbreak detection techniques. That’s where BES12 and Secure Work Space come in.
Secure Work Space offers a sophisticated jailbreak detection tool with multiple techniques as part of its standard operating environment. Before installing, SWS will detect if a device is currently jailbroken and, if so, will cancel the install. If an SWS-enabled device already on the BES12 network is rooted or jailbroken, the action will immediately trigger a flag. At that point, it will do one of three things:
- Notify the administrator, and nothing else.
- Quarantine the device from the enterprise network.
- Immediately wipe Secure Work Space from the device, and with it all work data and access to the enterprise network.
In addition, using BES12 means you’ll enjoy all the benefits of BlackBerry’s industry-leading enterprise mobility management (EMM) software. That includes single-screen management of applications, content and devices; intuitive support for multiple deployment models; scalable architecture; and end-to-end security built upon a renowned global network. With BES12 and Secure Work Space, you’ll be able to easily keep your business safe from compromised devices, careless users and any other mobile security threats it might face.
The Keyraider incident offers a sobering warning to enterprises and employees alike. Although rooting and jailbreaking will continue to remain popular, they nevertheless represent a significant security threat, and one that cannot be ignored. If employees want to crack the security on their personal devices, that’s their own business.
However, they cannot expect to use that device in the workplace – and you cannot allow them to.
Jailbreak detection is just one small part of a comprehensive mobile security strategy. There’s much more involved in protecting your business from the latest mobile security threats – and our Definitive Guide to Enterprise Mobile Security is just the document to help you along in doing so. You can download it for free here.