Threat Category: Malicious or privacy-invasive application
Threat Description: Rooting or jail-breaking an Android or iOS device significantly degrades its security architecture by enabling arbitrary apps to execute commands as root. A malicious app, written on the assumption that some percentage of devices have been rooted or jail-broken, could attempt to abuse the implicit root privilege escalation that such a device makes available.
Not Applicable, See Exploit or CVE Examples
Exploit Example: How to clean up the Duh iPhone worm [1]
Possible Countermeasures (Enterprise):
- Deploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security checks on the app.
- Deploy MAM or MDM solutions with policies that prohibit the installation of apps from 3rd party (unofficial) app stores.
- For the lowest risk tolerance, deploy MDM or containerization solutions with policies that can detect and block access to enterprise resources by rooted/jail-broken devices.
- Use application threat intelligence data to detect potential abuse of rooted/jail-broken BYOD devices.

Possible Countermeasures (Mobile Device User):
- Use the Android Verify Apps feature to identify harmful apps.

Possible Countermeasures (Mobile App Developer):
- To avoid launching applications that handle sensitive information on a rooted/jail-broken device, perform device integrity checking, such as using Android SafetyNet, Samsung Knox hardware-backed remote attestation, or other applicable remote attestation technologies.
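The developer countermeasure above hinges on what the server does with the attestation it receives. The following added example (not part of the catalogue entry, and not Google's code) shows the claim checks a backend applies to a SafetyNet attestation payload before it lets a client proceed: nonce binding, freshness, app identity, and the two integrity verdicts. It assumes the JWS signature and its certificate chain were already verified by the caller; the sample claims, nonce and digest value are constructed for the demo.

```python
import base64
import json

def _b64url_decode(segment):
    # JWS segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_jws(claims):
    # Constructed, UNSIGNED JWS (empty signature segment) for the demo only;
    # a real SafetyNet response carries an x5c chain and an RS256 signature.
    header = _b64url_encode(json.dumps({"alg": "RS256", "x5c": []}).encode())
    return ".".join([header, _b64url_encode(json.dumps(claims).encode()), ""])

def check_safetynet_claims(jws, expected_nonce, package_name, cert_digests,
                           now_ms, max_age_ms=5 * 60 * 1000):
    """Return the policy failures found in the attestation claims (empty list = pass).
    Assumes the JWS signature/chain (leaf CN attest.android.com) was already verified."""
    claims = json.loads(_b64url_decode(jws.split(".")[1]))
    failures = []
    # The nonce ties this attestation to a server-issued challenge (anti-replay).
    if base64.b64decode(claims.get("nonce", "")) != expected_nonce:
        failures.append("nonce mismatch")
    age = now_ms - int(claims.get("timestampMs", 0))
    if age < 0 or age > max_age_ms:
        failures.append("stale or future timestamp")
    # The attestation must describe our own APK, signed with our release key.
    if claims.get("apkPackageName") != package_name:
        failures.append("unexpected package name")
    if not set(claims.get("apkCertificateDigestSha256", [])) & set(cert_digests):
        failures.append("unexpected APK signing certificate")
    # basicIntegrity fails on rooted, tampered or emulated devices; ctsProfileMatch
    # is stricter and also fails on uncertified devices and unlocked bootloaders.
    if not claims.get("basicIntegrity", False):
        failures.append("basicIntegrity false")
    if not claims.get("ctsProfileMatch", False):
        failures.append("ctsProfileMatch false")
    return failures

# Constructed sample inputs: a healthy device and the same device after rooting.
SAMPLE_NONCE = b"constructed-challenge-0001"
SAMPLE_NOW_MS = 1_700_000_000_000
GOOD_CLAIMS = {
    "nonce": base64.b64encode(SAMPLE_NONCE).decode(),
    "timestampMs": SAMPLE_NOW_MS - 1500,
    "apkPackageName": "com.example.app",
    "apkCertificateDigestSha256": ["constructed-digest"],
    "ctsProfileMatch": True,
    "basicIntegrity": True,
}
ROOTED_CLAIMS = dict(GOOD_CLAIMS, ctsProfileMatch=False, basicIntegrity=False)
```

Google has since deprecated the SafetyNet Attestation API in favour of the Play Integrity API, but its verdicts map onto the same checks (nonce/request binding, app identity, device integrity), so the gate logic carries over.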
References:
[1] P. Ducklin, "How to clean up the Duh iPhone worm", Naked Security, Sophos, 24 Nov. 2009; https://nakedsecurity.sophos.com/2009/11/24/clean-up-iPhone-worm/ [accessed 8/25/2016]