A new iPhone application dubbed “System and Security Info” will tell users if their device has been jailbroken, which would go a long way in helping users check to see if they’re being spied on.
The FBI had a tough few months trying to figure out the means to crack the passcode of an iPhone without triggering the phone’s default wipe feature. As lauded as its security practices are, Apple doesn’t provide total protection for its iPhone users. No device truly can be completely hack-proof. Still, there are simpler ways of keeping malicious hackers at bay, or at least knowing when they’re snooping around.
Stealthy malware rarely leaves a footprint and runs quietly in the background, unbeknownst to most victims. Once discovered, it is simple enough to eradicate. The trick is finding it, if it is there.
Unlike Android phones, Apple’s security features make the iPhone notoriously hard to break or snoop into. For any malware, or indeed a snooping application, to work on an iPhone, the device must be jailbroken.
With this in mind, Stefan Esser, a German security researcher, has created an app born out of a simple idea: inform users if their phone has been jailbroken.
Speaking to Gizmodo, Esser stated:
The biggest motivation behind [this app] is that these companies like FinFisher or HackingTeam that are selling iOS spy software to government and others, they usually require [their clients] to only use jailbroken phones.
Although several applications already provide jailbreak detection, they do so by looking for certain files, as red flags, that indicate a jailbreak.
However, his application can look into files to see the exact jailbreak used, and it also analyzes the health of Apple’s default security layers to ensure everything is in place. The analysis includes checking the root partition to make sure it is alter-proof whilst ensuring that the code is still digitally signed and verified by Apple. Any tampered signatures or certificates raise a red flag.
The System and Security Info app will show a breakdown of the disk data used, jailbreak signs and anomalies in a simple overview. If everything is green, everything is good. If not, there’s reason for suspicion.
While the app has pushed the envelope for simple detection methodologies, it will not be able to defeat malware attacks targeting the tool itself. In an email to FORBES, Esser explained how the app works and its limitations.
[The app] will… easily detect private jailbreaks that make use of public iOS exploitation tricks. It will furthermore detect completely private jailbreaks if they do not completely hide themselves in the kernel or make their userland processes completely invisible. The tool will of course not be able to defeat targeted attacks against the tool itself.