The dangers of jailbreaking or rooting devices

Jailbreaking, rooting and unlocking are the processes of gaining unauthorized access or elevated privileges on a system. The terms are different between operating systems, and the differences in terminology reflect the differences in security models used by the operating systems vendors.

Here are just some of the dangers that you’re exposing your device to when rooting/jailbreaking it:

General risks:

  1. Some jailbreaking methods leave SSH enabled with a well-known default password (e.g., alpine) that attackers can use for Command & Control;
  2. The entire file system of a jailbroken device is vulnerable to a malicious user inserting or extracting files. This vulnerability is exploited by many malware programs, including Droid Kung Fu, Droid Dream and Ikee. These attacks may also affect unlocked Windows Phone devices, depending on the achieved unlocking level;
  3. Credentials to sensitive applications, such as banking or corporate applications, can be stolen using keylogging, sniffing or other malicious software and then transmitted via the internet connection.

iOS

  1. Applications on a jailbroken device run as root outside of the iOS sandbox. This can allow applications to access sensitive data contained in other apps or install malicious software negating sandboxing functionality;
  2. Jailbroken devices can allow a user to install and run self-signed applications. Since the apps do not go through the App Store, Apple does not review them. These apps may contain vulnerable or malicious code that can be used to exploit a device.

Android

  1. Android users that change the permissions on their device to grant root access to applications increase security exposure to malicious applications and potential application flaws;
  2. 3rd party Android application markets have been identified as hosting malicious applications with remote administrative (RAT) capabilities.

Sharing is caring!

Leave a Reply

Your email address will not be published. Required fields are marked *