Threats to mobile devices in general have been on the rise lately, and while jailbreaking and rooting of smartphones is a known issue for IT, the growing number of tablets in business, plus their heavy usage, makes them a bigger threat.
Jailbreaking (for iOS devices) or rooting (for Android devices) refers to overriding the manufacturer’s settings, which, among other things, disables the device’s security and OS updates and gets around many of the things that enterprise IT puts in place. Even though it has been deemed legal to jailbreak a smartphone (at least until 2015, when the Digital Millennium Copyright Act is reviewed again), it’s now illegal to jailbreak or root tablets.
Here’s what the Federal Register said: “This exemption is a modification of the proponents’ proposal. It permits the circumvention of computer programs on mobile phones to enable interoperability of non-vendor-approved software applications (often referred to as ‘jailbreaking’), but does not apply to tablets—as had been requested by proponents—because the record did not support it.”
Disable the Connection
One of the main purposes of such a modification is to be able to download certain apps for free. In order to do so, an individual must use a non-sanctioned repository, which increases the security threat since the acquisition process is not handled by the properly sanctioned store.
After the device has gone through a jailbreak/root process, it can then connect to Cydia-based repositories (aka repos) such as ihacksrepo, xsellize or hackulous (being the most popular). These repos contain payware programs that have been hacked in order for them to be installed without charge.
One of the most popular hacked programs is MyWi, which turns the device into a hotspot. By doing so, the device also violates the carrier agreement, although the carrier is not aware of it. The majority of the malware and security threats that are introduced into a network originate from software/apps that have been installed from such stores.
Any enterprise currently using an MDM solution should incorporate policies that restrict a compromised device from connecting to the corporate network.
Why the restriction? A jailbroken/rooted device could violate the enterprise’s MDM policies by circumventing the “whitelist/blacklist” of applications. Once the device performs a check-in during the MDM polling, the software can automatically be uninstalled. However, normal check-in occurs every 8 to 24 hours, which gives plenty of time for a hacked program to infiltrate the corporate network.
If for some reason the device is allowed to join the BYOD/MDM environment, then an extra level of security must be applied, along with a modified policy that forces the device to check in every hour.
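The policy described above can be expressed as a network-admission check over MDM inventory records. The following is an added example, not code from the article or from any MDM product; the record fields, device IDs and sample fleet are hypothetical, and only the 8-to-24-hour and one-hour check-in intervals and the MyWi app name come from the text.

```python
from datetime import datetime, timedelta, timezone

# Intervals from the article: normal check-in is every 8 to 24 hours; a
# compromised device admitted by exception must check in every hour.
STANDARD_MAX_AGE = timedelta(hours=24)
EXCEPTION_MAX_AGE = timedelta(hours=1)

def access_decision(device, blacklist, now):
    """Return (decision, reasons) for one inventory record (hypothetical schema)."""
    compromised = device["compromised"]
    if compromised and not device.get("exception_approved", False):
        return "block", ["jailbroken/rooted, no approved exception"]
    reasons = []
    max_age = EXCEPTION_MAX_AGE if compromised else STANDARD_MAX_AGE
    age = now - device["last_checkin"]
    if age > max_age:
        # Stale record: the reported app list can no longer be trusted.
        reasons.append(f"last check-in {age} ago, limit {max_age}")
    banned = sorted(set(device["apps"]) & set(blacklist))
    if banned:
        reasons.append("blacklisted apps: " + ", ".join(banned))
    return ("quarantine" if reasons else "allow"), reasons

def evaluate_fleet(devices, blacklist, now):
    """Map device id -> decision for every record."""
    return {d["id"]: access_decision(d, blacklist, now)[0] for d in devices}

# Constructed sample inventory (not real device data).
NOW = datetime(2013, 1, 15, 12, 0, tzinfo=timezone.utc)
BLACKLIST = {"MyWi"}
FLEET = [
    {"id": "tab-01", "compromised": False,
     "last_checkin": NOW - timedelta(hours=6), "apps": ["Mail"]},
    {"id": "tab-02", "compromised": True,
     "last_checkin": NOW - timedelta(minutes=10), "apps": ["Mail"]},
    {"id": "tab-03", "compromised": True, "exception_approved": True,
     "last_checkin": NOW - timedelta(hours=3), "apps": ["Mail"]},
    {"id": "tab-04", "compromised": False,
     "last_checkin": NOW - timedelta(hours=2), "apps": ["Mail", "MyWi"]},
]

if __name__ == "__main__":
    for dev in FLEET:
        decision, why = access_decision(dev, BLACKLIST, NOW)
        print(dev["id"], decision, "; ".join(why))
```

Device tab-03 shows why the shorter interval matters: three hours since check-in is acceptable for a standard device but is treated as stale for a compromised device admitted by exception.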
Know Your App
Most users are unaware of the danger. IT knows what apps workers should have and understands that the permissions of the app need to be thoroughly examined. Users don’t always understand this, and those who have bypassed policy are putting the enterprise at risk.
For example, some tablet apps may request permissions to access data, which in the case of BYOD can clearly include corporate data. There is no reason for any app to have access to contacts or the address book in order to function.
And some programs that are obtained through these repos, such as AndroidLock, actually add a level of security to the device by modifying the lock features already present at the OS layer. Even if users think they are doing a good thing by downloading, it’s easy to fall for a Trojan horse when apps like this are obtained this way.
For example, some of these “enhanced security” apps are actually key monitors that report keystrokes back to unscrupulous websites in order to obtain information such as corporate or personal passwords.
Jailbreaking/rooting are real threats, and apps on tablets must be properly obtained and managed. Because of their screenshare, tablets are the ideal form factor for running apps, and enthusiastic “prosumers” will download anything they think will help them work (and play) better.