alexwhite19800 asked:

Jailbreak and Rooting on mobile devices

Android: https://en.wikipedia.org/wiki/Rooting_(Android_OS)
iOS: https://en.wikipedia.org/wiki/IOS_jailbreaking

A good link: https://www.owasp.org/index.php/Mobile_Jailbreaking_Cheat_Sheet

I'm trying to better understand Jailbreak (JB), rooting on mobile devices, the differences between the two and the risks.

My general understanding is that both provide admin access to the mobile device and bypass restrictions that are in the OS that are set for various protection mechanisms.

For example, on Apple, the user could download software from non-Apple store sources. The flip side is that a software could maliciously install itself (e.g. as found with the Pegasus issue).

Questions:

i. I'm still not fully understanding the difference between JB and root apart from the platform they work on (iOS v Android)

ii. Admin access is granted to the user with both of these. What access does the user have before?

iii. Certain apps provide Jailbreak and root detection. How does this work? Is there a standard way to check, or are there signatures to watch out for?

iv. Are there varying degrees of JB/root? Or if a device is JB/rooted, that's it... e.g. rooted to allow one type of bypass, but not others

v. What is the security risk of JB/rooted devices if managed carefully?
John

I think you have the gist. In my opinion, jailbreaking is a dumb idea and (for iPhone) Apple will not support the phone. I use their support somewhat frequently.

The risks of compromise are too great in a business.
Jackie Man
Agreed.

What is your purpose of Jailbreak?

I have tried once and the purpose is for data recovery of deleted photos and videos.
btan

They are generally the same and I don't suggest there is a need to delve deeper into the nitty-gritty, as it is to do with gaining kernel privileges for rooted Android and what Apple restricts users from having: liberty and more freedom of using the smartphone their (not Apple's) way.

If I were to put it simply, it is those things that you cannot do unless you JB or root the smartphone. But you can view root like how it is deemed on Linux and other UNIX-like operating systems: the root user is essentially the same as the Administrator user on Windows.

After rooting, you can grant specific applications access to root permissions, allowing them to do almost anything they want to the OS. For example, an application with root permissions could uninstall system applications, install low-level system binaries, revoke permissions installed apps require, and more privileged tasks. For Linux it is almost anything you can do on such a system, hence map it to what you can do with root access on your phone.

Also, manufacturers included control of many of the features for software developers to use. But there are still certain things that the phone has the ability to do but are not allowed to us by default.

As a whole, rooting or JB gets "mostly" around the OS security architecture and this could potentially cause problems if users don't know what they're doing. The device can be exploited by malware since it is already in a privileged state; the level of deterrence is lowered and it is more enticing for an attacker to further penetrate and impact your privacy indirectly.

For detection of the JB and rooted state, most of the time it is to rely on the MDM that manages those devices centrally. But the actual thing done, esp. for Apple's, is not openly shared, though likely it is shed in more evidence trails using those tools to help get to the state of "tamper".

Check out this summary for better appreciation of the detection, which may help in understanding:

"...to detect rooting in Android. For the most part, it involves trying to execute code that shouldn't be executed, like switching to SU or shelling out a command. It can also be done by checking for software or executing processes and comparing the output against a list of known, uncompromised outputs.

For iOS, things appear slightly more elegant. Testing for jailbroken devices can involve looking for files or directories that shouldn't exist, like Cydia.app or any of the files/directories that rogue applications create. You could also check to see if OpenSSH is installed, since that's usually enabled on jailbroken phones, by simply trying to establish a connection to the loopback address."
http://www.brianmadden.com/opinion/How-root-jailbreak-detection-works-on-Android-iOS-Is-it-effective-enough-to-actually-rely-on

Even the tools used need to be upgraded for changes of the mobile OS, so it is definitely dealing within the kernel, which I do advise not to touch unless you are savvy.
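To make the detection heuristics quoted above concrete, here is an added example (not code from the thread or from the linked article) that evaluates the same kinds of indicators, well-known su paths, a su execution attempt, test-keys build tags, Cydia.app and an sshd answering on loopback, against a constructed device profile so it runs offline; the DeviceProfile fields stand in for what a real app would read with os.path.exists, subprocess and a socket connect, and are assumptions. As the thread notes for suhide, a root-hiding mod can make every one of these probes come back clean, so the result is evidence, not proof.

```python
"""Heuristic root/jailbreak indicators of the kind described in the thread."""
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Widely documented artefacts a stock device should not have.
SU_PATHS = ["/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su"]
IOS_PATHS = ["/Applications/Cydia.app", "/usr/sbin/sshd", "/bin/bash"]
TEST_KEYS_TAG = "test-keys"  # Android builds signed with the public AOSP test keys


@dataclass
class DeviceProfile:
    """Constructed stand-in for the real device; every field is an assumption."""
    files: Set[str]
    build_tags: str = "release-keys"
    # stdout of `su -c id`; None models a stock device where su cannot be run
    su_output: Optional[str] = None
    # TCP ports that accept a connection on 127.0.0.1
    loopback_ports: Set[int] = field(default_factory=set)


def root_indicators(dev: DeviceProfile, platform: str) -> List[str]:
    """Return the indicators that fired; an empty list means no evidence."""
    hits: List[str] = []
    paths = SU_PATHS if platform == "android" else IOS_PATHS
    # Files or directories that should not exist on a stock device.
    for p in paths:
        if p in dev.files:
            hits.append(f"file present: {p}")
    if platform == "android":
        # "Execute code that shouldn't be executed": a working su reports uid=0.
        if dev.su_output and "uid=0" in dev.su_output:
            hits.append("su executes and returns uid=0")
        # Compare against a known-good value: shipped firmware uses release-keys.
        if TEST_KEYS_TAG in dev.build_tags:
            hits.append(f"build tags contain {TEST_KEYS_TAG}")
    else:
        # OpenSSH is commonly enabled after a jailbreak; a loopback connect succeeding is a tell.
        if 22 in dev.loopback_ports:
            hits.append("sshd reachable on loopback:22")
    return hits


def is_tampered(dev: DeviceProfile, platform: str) -> bool:
    """True if any indicator fired; callers should treat this as a risk signal, not proof."""
    return bool(root_indicators(dev, platform))
```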
ASKER CERTIFIED SOLUTION
Jackie Man
This solution is only available to members.
When my Android phone ran past warranty I installed CyanogenMod and it got new life without ugly vendor applications that nag you to register all the time etc.
I think root is not an absolute must for aftermarket firmwares, but it is sweet to block excessive ads in some programs (especially on a metered connection).
SOLUTION
This solution is only available to members.
I could possibly see mucking about with an old and unsupported product, but Alex has (in other posts) been talking about new machines with iOS 10.
Just to share: for Android checking for rooted state, security apps installed typically call the supplied "SafetyNet" API. Google has also made the SafetyNet API available to all third-party app developers to check for the presence of root.
The service provides an API your app can use to analyze the device where it is installed. The API uses software and hardware information on the device where your app is installed to create a profile of that device. The service then attempts to match it to a list of device models that have passed Android compatibility testing. This check can help you decide if the device is configured in a way that is consistent with the Android platform specifications and has the capabilities to run your app.
https://developer.android.com/training/safetynet/index.html

But you may want to take note that even the mechanism to check can be bypassed if the platform is already in a compromised ("infected") state. See this, though it is applicable for Android 6.0 or newer only:
suhide is an experimental (and officially unsupported) mod for SuperSU that can selectively hide root (the su binary) from other applications.
Suhide works only on a stock ROM (to beat Google's SafetyNet) based on Android 6.0 Marshmallow or higher.
http://forum.xda-developers.com/apps/supersu/suhide-t3450396
Any update?
Jailbreaking generally has some equivalence to rooting, but it tends to refer to getting out of the "jail" that the OS vendor has established. For the primary example, it allows you to install software that someone other than the OS vendor supplies. Going outside of the Apple store is why most people do it. Some Windows phones/tablets can also be jailbroken in order to install non-MS apps.

Rooting essentially refers to gaining 'root' access to an Android device, though it could refer to Linux and possibly other OSes. Since 'root' is the common Android/Linux name for the 'Administrator' account, the term is mostly only meaningful on those systems. But it can carry over to Windows, etc., as long as it simply means gaining user access to 'root' capability. It isn't always for non-vendor-approved apps. It can simply be to change the UI to match personal style or to make any other change that is normally restricted by the device or OS vendor without 'root'.