Marble Security Labs has issued an alert that highlights a new and dangerous threat to large and small businesses alike. It’s called a Jailbreak Jammer, and, left unchecked, it can seriously compromise network security.
Jailbreak Jammer apps camouflage the fact that a mobile device has been jailbroken or rooted.
Jailbreaking and rooting are processes that allow mobile users to load applications and use services — such as a jammer app — that have not been vetted and approved for delivery through traditional channels (i.e., a sanctioned app store).
One of the problems with jailbreaking is that it compromises any mobile security that has been put into place to protect mobile devices and the networks they connect to. That’s why most mobile device management (MDM) products prevent jailbroken iPhones, iPads and Android smartphones and tablets from connecting to a network.
That’s also why jammers pose such a huge security risk, especially to “those allowing BYOD, because experience shows us that even just one compromised device can eventually lead to a massive breach," says chairman of the Anti-Phishing Working Group (APWG) David Jevans, who is also Marble Security's founder and CTO.
BizTech asked Jevans to elaborate on the dangers of Jailbreak Jammers.
JEVANS: A Jailbreak Jammer is software that can be downloaded to a jailbroken iPhone or iPad or to a rooted Android device to prevent security software, MDM software and apps that have protected content from detecting if the device is jailbroken or rooted.
This class of malicious software evades detection in several ways:
• It can patch the jailbreak- or root-detection algorithms of security and MDM software which reports whether a device is unsecure.
• It can reconfigure operating-system settings and move files around to trick MDM and security software into not detecting unsecured devices.
• It can patch operating-system modules to report false results to MDM and security software regarding the status of the operating system.
JEVANS: Companies know that having a jailbroken or rooted device connected to their internal networks is a huge security violation and risk. There are effectively no security protections on such a device, and it can run backdoors, such as SSH servers, that can allow external parties to gain access to the device and hence to the internal corporate network.
JEVANS: About 7.5 percent of iPhones are jailbroken (this number is closer to 25 percent in China) [according to Marble Security research]. There are 300 million active iPhones, and over 22 million are jailbroken and active every month.
JEVANS: Jammed [devices] allow users to install and operate apps that can steal passwords, steal access credentials to the internal network, Active Directory, ActiveSync, et cetera. These credentials can allow attackers and those involved in Advanced Persistent Threats to gain access to corporate data and systems.
JEVANS: You can side load [a jammer] onto an Android device without rooting the device. On iOS you must be jailbroken to install a jammer, although there are some edge cases where you could install an app that had this functionality through hijacked developer accounts.
JEVANS: Yes, policies are a crucial part of any BYOD program. Policies should be in place so that if a user is found to have a jailbroken or rooted device and is circumventing detection through the use of a Jammer, their BYOD privileges should be revoked.
JEVANS: Employees may not realize the huge risks that they are exposing their employer to by bringing such devices to work or connecting to enterprise systems with such devices. The malware community is increasing its efforts to target enterprises, and the mobile channel is one effective way. Organizations need to work with security companies who have proactive labs to detect these new threats, both from external attackers and insiders.