Is detection of jailbroken/rooted phone sufficient against threats?

It is widely known that performing jailbreaking/rooting opens the mobile device to security vulnerabilities. It often leaves a gap for malwares to gain elevated permissions on a device. This elevated access allows an adversary to silently and stealthily spy on victims, collecting information from voice communications, camera, email, messaging, GPS, passwords, and contact lists. Functions that detect Jailbroken/rooted devices is most commonly added to transactional mobile applications, serving as the most basic defence against threats. However, this is nothing but a drop in a bucket.

The Digital Future.

The world is going digital. Our smartphones are the most intimate possession we carry around in our pockets, some may even argue that our phones know everything about us. For that very reason, it could arguably be the reason why most FinTech companies are pivoting their services to mobile devices – just to be close to their end-users. Unfortunately, end-users are often the weakest link. From an aerial view of the mobile threat landscape, some of the most prevalent attacks performed by cybercriminals are through malware attacks, phishing, and SIM-Swapping. Between 2018 and 2019, it is estimated that 1,100 million baht worth of damaged was caused by social engineering frauds, such as phishing, creating fake websites, fake profiles or spoofing using fake images on social media in Thailand, a recently released statement by the Thai Royal Police.

Beyond social attacks also lies technical attacks such as hooking. Hooking is a code modification/tampering technique that can perform malicious activities such as API function monitoring, debugging and reverse engineering, stealing personal information, changing the behaviours of the app itself to do un-authorised activities. Hooking attacks renders the most damage and it happens underneath your “skin”.

In perspective, it can be incredibly challenging for banks or their end-users to avoid such attacks by cybercriminals. The banks can only do so much as to implement mechanisms to mitigate such attacks.

Looking Beyond.

Fortunately, V-Key has a solution. In an insecure OS environment when the phone is compromised, apps integrated with V-OS Application Protection has mechanisms to detect rooting and jailbreaking of mobile OS. On top of that, V-OS will allow the mobile app to run smoothly without compromising it’s integrity and confidentiality. There will be no breaking of its security or leakage of sensitive information stored inside the app.

V-OS can also detect and prevent attackers from hooking on to the app during run-time, by implementing various mechanisms one such method to detect rooting/jailbreak so that V-OS will expect a hooking attempt on the app. Also we remove all debug information which could give any clues to the attacker and also encrypt data at rest and in transit as much as possible.

Such threats are reported back to V-OS App Protection Threat Intelligence server for analysis and response action by system administrators. V-Key’s software performs Root/Jailbreak checking only as a first line of defense but the security of V-OS is not dependent on such checks.

There is no guarantee that jailbreak/root detection is enough to fully secure devices against threats. Hence, it is critical that companies look beyond jailbreaking/rooting, and seek protection against extensive threats such as, app debugging, reverse engineering, API Frida hooking and more.