Mobile Jailbreaking Cheat Sheet
Last revision (mm/dd/yy): 04/7/2014
Dangers of Jailbreaking and Rooting Mobile Devices
What is "jailbreaking" and "rooting"?
Jailbreaking and rooting are the processes of gaining unauthorized access or elevated privileges on a system. The terms differ between operating systems, and the difference in terminology reflects the differences in the security models used by the operating system vendors.
For iOS, jailbreaking is the process of modifying the iOS kernel to allow read and write access to the file system. Most jailbreaking tools (and exploits) remove the limitations and security features built in by the manufacturer, Apple (the "jail"), through the use of custom kernels, which make unauthorized modifications to the operating system. Almost all jailbreaking tools allow users to run code not approved and signed by Apple. This allows users to install additional applications, extensions and patches outside the control of Apple’s App Store.
On Android, rooting is the process of gaining administrative or privileged access to the Android OS. As Android is based on the Linux kernel, rooting a device is analogous to gaining root-equivalent administrative permissions on Linux. Unlike iOS, rooting is (usually) not required to run applications from outside the Android Market; some carriers control this through operating system settings or device firmware. Rooting also enables the user to completely remove and replace the device's operating system.
Why do they occur?
iOS: Many users are lured into jailbreaking to take advantage of apps made available through third-party app sources, such as Cydia, which are otherwise banned or not approved by Apple. There is an inherent risk in installing such applications, as they are not quality controlled and have not gone through Apple's application approval process. Hence, they may contain vulnerable or malicious code that could allow the device to be compromised. Alternatively, jailbreaking can allow users to enhance some built-in functions of their device. For example, a jailbroken phone can be used with a different carrier than the one it was configured for, FaceTime can be used over a 3G connection, or the phone can be unlocked for international use. More technically savvy users also jailbreak to enable user interface customizations, preferences and features not available through the normal software interface. Typically, these functions are achieved by patching specific binaries in the operating system. A debated purpose for jailbreaking in the iOS community is installing pirated iOS applications. Jailbreaking proponents discourage this use; Cydia, for example, warns users about pirated software when they add a repository known for it. However, repositories such as Hackulous promote pirated applications and the tools to pirate and distribute applications.
Android: Rooting Android devices gives users additional hardware rights, backup utilities and direct hardware access. Additionally, rooting allows users to remove the pre-installed "bloatware", the additional features that many carriers or manufacturers put onto devices, which can consume considerable amounts of disk space and memory. Most users root their device to run a custom read-only memory (ROM) image developed by the Android community, which brings distinctive capabilities that are not available through the official ROMs installed by the carriers. Custom ROMs also give users an option to "upgrade" the operating system and optimize the phone experience by providing access to features, such as tethering, that are normally blocked or limited by carriers.
What are the common tools used?
iOS: Jailbreaking software can be categorized into two main groups:
Some common (but not all) iOS jailbreaking tools are listed below:
A more comprehensive list of jailbreaking tools for iOS, exploits and kernel patches can be found on the iPhoneWiki website.
Android: Various rooting tools are available for Android. Tools and processes vary depending on the user’s device. The process is usually to:
Not all of the above steps are necessary, and different toolkits are available for device-specific rooting processes. Custom ROMs depend on the hardware being used; some examples are as follows:
CyanogenMod ROMs are among the most popular aftermarket replacement firmwares in the Android world. More comprehensive device-specific firmwares, flashing guides, rooting tools and patch details can be found on the project homepage.
ClockworkMod is a custom recovery for Android phones and tablets that allows you to perform several advanced recovery, restoration, installation and maintenance operations. Please refer to xda-developers for more details.
Why can it be dangerous?
The tools above can be broadly grouped into the following categories:
Some high level risks for rooting or jailbreaking devices are as follows:
What controls can be used to protect against it?
Before an organization chooses to implement a mobile solution in its environment, it should conduct a thorough risk assessment. This risk assessment should include an evaluation of the dangers posed by jailbroken or rooted devices, which are inherently more vulnerable to malicious applications and to vulnerabilities such as those listed in the OWASP Mobile Security Top Ten Risks. Once this assessment has been completed, management can determine which risks to accept and which risks will require additional controls to mitigate. Below are a few examples of both technical and non-technical controls that an organization may use.
Some of the detective controls to monitor for jailbroken or rooted devices include:
Note: Most Mobile Device Management (MDM) solutions can perform these checks, but they require an application to be installed on the device.
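As an added illustration of what such an on-device check looks like (example code, not from the cheat sheet or any MDM product), the following evaluates a device inventory against a small, assumed set of well-known rooting and jailbreaking artefacts; the indicator lists, the inventory structure and the sample inventories are all constructed for this example, and a real agent would collect the inventory from the device itself.

```python
"""Heuristic root/jailbreak indicator check over a device inventory.

Assumption: an MDM/agent app on the device collects the file paths,
installed packages and build tags; here the inventory is constructed
inline. The indicator lists are common, illustrative artefacts and are
neither exhaustive nor taken from the cheat sheet.
"""
from dataclasses import dataclass, field

# Illustrative artefacts typically left behind by rooting/jailbreaking.
ANDROID_SU_PATHS = ("/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su")
ANDROID_ROOT_PACKAGES = ("eu.chainfire.supersu", "com.noshufou.android.su")
IOS_JAILBREAK_PATHS = ("/Applications/Cydia.app", "/bin/bash",
                       "/usr/sbin/sshd", "/private/var/lib/apt")


@dataclass
class DeviceInventory:
    platform: str                                   # "android" or "ios"
    files: set = field(default_factory=set)         # paths present on the device
    packages: set = field(default_factory=set)      # installed package ids
    build_tags: str = ""                            # Android ro.build.tags value


def find_indicators(inv: DeviceInventory) -> list:
    """Return human-readable findings; an empty list means nothing was seen."""
    findings = []
    if inv.platform == "android":
        findings += [f"su binary present: {p}" for p in ANDROID_SU_PATHS if p in inv.files]
        findings += [f"root management app installed: {pkg}"
                     for pkg in ANDROID_ROOT_PACKAGES if pkg in inv.packages]
        # Custom ROMs are frequently signed with the public AOSP test keys.
        if "test-keys" in inv.build_tags:
            findings.append("build signed with test-keys (custom ROM likely)")
    elif inv.platform == "ios":
        findings += [f"jailbreak artefact present: {p}" for p in IOS_JAILBREAK_PATHS if p in inv.files]
    return findings


def is_suspect(inv: DeviceInventory) -> bool:
    """True when at least one indicator is found; a clean result is not proof of a stock device."""
    return bool(find_indicators(inv))


# Constructed sample inventories, not captured from real devices.
ROOTED_ANDROID = DeviceInventory("android", files={"/system/xbin/su"},
                                 packages={"eu.chainfire.supersu"}, build_tags="test-keys")
STOCK_ANDROID = DeviceInventory("android", files={"/system/bin/sh"}, build_tags="release-keys")
JAILBROKEN_IOS = DeviceInventory("ios", files={"/Applications/Cydia.app"})

if __name__ == "__main__":
    for name, inv in [("rooted", ROOTED_ANDROID), ("stock", STOCK_ANDROID), ("jailbroken", JAILBROKEN_IOS)]:
        print(name, is_suspect(inv), find_indicators(inv))
```

Because the check runs on a device the user controls, a clean result only means no indicator was observed; combine it with the other controls rather than treating it as proof.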
Organizations must understand the following key points when thinking about mobile security:
Jailbreaking and rooting tools, resources and processes are constantly updated and have made the process easier than ever for end users. Many users are lured into jailbreaking or rooting their device in order to gain more control over it, upgrade the operating system or install packages normally unavailable through standard channels. While having these options may allow the user to use the device more effectively, many users do not understand that jailbreaking or rooting can allow malware to bypass many of the device's built-in security features. The balance between user experience and corporate security needs to be carefully considered, since all mobile platforms have seen an increase in malware attacks over the past year. Mobile devices now hold more personal and corporate data than ever before and have become a very appealing target for attackers. Overall, the best defense for an enterprise is to build an overarching mobile strategy that accounts for technical controls, non-technical controls and the people in the environment. Considerations need to focus not only on solutions such as MDM, but also on policies and procedures around common issues such as BYOD, and on user security awareness.
Authors and Primary Editors