Tuesday, May 29, 2012

Mobile Rootkit Protection Is a Leprechaun

Mobile security is in its infancy. There are a number of players out there, and as with any new technology category, there is no “one size fits all.” Some of these technologies cover mobile access control, some cover “rogue apps,” and others cover the characteristics of the operating system itself, including whether or not it has been “jailbroken.” I recently sat through a vendor demo where they claimed that they could “detect jailbroken iPhones and prevent them from operating via policy.”

[Image: Hi, I'm Mobile Rootkit Protection!]
Let’s talk about “jailbreak detection and protection” for a minute. Maybe I’m missing something. When you jailbreak your iPhone, you are effectively running an exploit for a known security vulnerability in the phone and then installing a rootkit on it. In most cases, the iPhone’s running kernel is replaced with one that can support unsigned apps.

So, if jailbroken iPhones are running a modified kernel, and anyone can write their own jailbreak code once a vulnerability is found, then how is this magical “mobile security technology” supposed to work? Any detection code it runs is itself executing on top of a kernel that the attacker controls.

In fact, there was a presentation by Eric Monti in 2010 in which he demonstrated a stealth rootkit that could hijack existing processes and turn basic device features on and off.

OK, so, to recap:

· Jailbreaking isn’t magic.
· The kernel is an unknown quantity.
· Existing processes can be hijacked or replaced.
· Certain features of running processes can be altered.

I fail to see how anyone can be expected to trust an application or a kernel-level process that claims to be able to enforce security in an environment this hostile: the thing doing the checking runs at the same privilege as, or below, the thing it is checking for.

I know I haven’t said which vendors we’re talking about here, but that’s almost a moot point when features like “lockdown security (camera, SD, Bluetooth, Wi-Fi)” are more science fiction than computer science.
