How and Why the PRIV Protects Against Rooting

PRIV by BlackBerry

PRIV by BlackBerry ad, tattooOne of the most controversial topics when it comes to mobile devices is the idea of rooting and jailbreaking. Although rooting and jailbreaking are technically different processes on different platforms, the end-goal is the same: to gain higher-level privileges and access to sensitive functionality that isn’t normally available (for simplicity, we’ll use the word “rooting” to refer to both). Let’s look at the pros and cons of rooting and examine how and why we protect against it.

To Root or Not to Root

Rooting is a technical process driven by practical and philosophical desires. The practical aspect is that rooting lets you install apps that you wouldn’t otherwise be able to use, either because the platform is locked to a single app store (iOS) or because the app requires access to sensitive internal functionality (Android and iOS). Philosophically, some technically-minded people (including most white hat hackers) want the ability to access everything on their smartphones, which is why many Android smartphones come with unlocked bootloaders. But rooting is also complex for the average user and can cause issues with system stability, software updates, warranties, and most of all security.

The Root of the Problem

The main advantage of rooting is also its biggest drawback: the fact that it unlocks access to sensitive areas of the device. Rooting is a huge risk to the privacy and security of the platform; a rooted device makes you more susceptible to malware and many enterprises refuse to allow rooted devices on their networks (and use enterprise mobility management software (EMM) such as BES12 or Good Dynamics to enforce it). Some types of malware specifically exploit jailbroken phones, while others attempt to directly root the phone themselves. These apps are extremely dangerous because they can hide from anti-virus programs and become nearly impossible to remove.

iStock_000035151852_Medium

Preventing and detecting rooting is one of the most difficult games of cat-and-mouse in all of security. Hackers are constantly looking for new vulnerabilities and many devices are rooted before they’re even released. A well-designed piece of malware with superuser permissions can easily hide itself from a simple root-detection app that’s just looking for flags typically associated with rooting. The most effective way to detect rooting is to use a hardware root of trust to integrate the solution across the hardware, OS and app layers. Which brings us to…

BlackBerry Integrity Detection

PRIV by BlackBerry comes with built-in BlackBerry Integrity Detection, which continuously monitors for events or configuration changes that could compromise the security of the device. This includes:

  • Checking the integrity of the kernel on device bootup
  • Checking for unauthorized changes to the SELinux policy
  • Monitoring file system mounting permissions
  • Ensuring that unauthorized apps don’t acquire escalated privileges
  • Disabling security sensitive applications such as pathtrustDTEK security logo

BlackBerry Integrity Detection uses an application in the BlackBerry Secure Compound to provide a trust anchor and generate integrity reports. These reports are digitally signed with ECC-256 and backed by a certificate that chains up to a BlackBerry Certificate Authority, allowing third-party Enterprise Mobility Management solutions and monitoring apps to verify their authenticity. BlackBerry Integrity Detection integrates seamlessly with the new Good Secure EMM Suites and BES12, allowing IT administrators to monitor for rooted and jailbroken devices. If a potential compromise is detected, administrators can configure alerts, prevent the device from accessing the corporate network, or even remotely wipe the device.

You can also verify BlackBerry Integrity Detection yourself through the preloaded DTEK app – simply look for the green checkmark beside “Operating system integrity”.

BlackBerry Integrity Detection, DTEK and numerous other privacy features combine to make BlackBerry powered by Android the most secure Android platform. With full access to Google Play and third-party app stores (Ed. – as well as regular monthly updates like the one that released today), PRIV lets you enjoy the full Android ecosystem while shielding you from malware and most important of all, protecting your privacy.

About Alex Manea

Alex Manea is the Director of BlackBerry Security. He is a founding member of the group that has made BlackBerry synonymous with mobile security. Alex has looked after BlackBerry product security for over 9 years, including BlackBerry smartphones, BES and BBM. He is a Certified Software Security Lifecycle Professional and has an Honors degree in Systems Design Engineering from the University of Waterloo.

Join the conversation

Show comments Hide comments
+ -
  • http://topbrandnews.com/how-and-why-the-priv-protects-against-rooting/ How and Why the PRIV Protects Against Rooting - Top Brand News

    […] Source […]

  • http://blackberry-priv.ru/index.php/2016/02/02/kak-blackberry-priv-zashhishhen-ot-root-dostupa/ Как #BlackBerry Priv защищен от Root доступа | BlackBerry Priv

    […] Источник: INSIDE BlackBerry […]

  • http://www.bbin.in/2016/02/blackberry-tells-how-it-secured-android-os-why-rooting-disabled/ BlackBerry tells how it secures Android OS & why rooting disabled - BBin

    […] Read How and Why the Priv Protects Against Rooting >> […]

  • http://www.blackberryhack.com/blackberry-spiega-perche-non-e-possibile-rootare-il-priv/ BlackBerry spiega perche’ non è possibile Rootare il Priv | BlackBerryHack.com – Il volto segreto degli smartphone BlackBerry

    […] un recente post pubblicato sul Blog ufficiale del brand canadese, quest’oggi scopriremo un’altro […]

  • http://www.blackberrypriv.it/blackberry-spiega-perche-non-e-possibile-rootare-il-priv/ BlackBerry spiega perche’ non è possibile Rootare il Priv – BlackBerryPriv.it – Il primo smatphone BlackBerry con OS Android

    […] un recente post pubblicato sul Blog ufficiale del brand canadese, quest’oggi scopriremo un’altro […]

  • http://www.mondoblackberry.com/blackberry/news-blackberry/100491-niente-root-per-il-blackberry-priv/ Niente Root per il BlackBerry PRIV

    […] FONTE: InsideBlackBerry […]

  • http://www.technmild.com/blackberry-ltd-wont-allow-rooting-on-its-android-based-priv-113169 BlackBerry Ltd Won’t Allow Rooting On Its Android-Based Priv

    […] a blog post, BlackBerry Security Director Alex Manea tried the explain what rooting actually is and why […]

  • http://www.androidblog.it/148754/blackberry-spiega-i-motivi-per-cui-e-contraria-allo-sblocco-del-bootloader-ed-ai-permessi-di-root/ BlackBerry spiega i motivi per cui è contraria allo sblocco del bootloader ed ai permessi di root | Android Blog Italia

    […] FONTE […]

  • http://blogs.blackberry.com/2016/02/blackberry-priv-the-good-the-bad-the-ugly/ BlackBerry PRIV: the Good – the Bad – the Ugly | Inside BlackBerry

    […] Last but not least, what BlackBerry is famous for – security. The BlackBerry PRIV is the only Android phone that cannot be rooted since it uses hardware root of trust – see How and Why the PRIV Protects Against Rooting. […]

  • http://blogs.blackberry.com/2016/02/new-frontiers-how-reviewers-in-india-australia-and-africa-feel-about-priv/ How Reviewers in India, Australia, and Africa Feel About PRIV | Inside BlackBerry

    […] Alex Manea’s explanation of how and why the PRIV protects against rooting […]

  • http://blogs.blackberry.com/2016/03/tango-networks-communicator-with-priv-prove-it-takes-two-to-dance/ Tango Networks Communicator with PRIV Prove It Takes Two to Dance | Inside BlackBerry

    […] Tango Networks Communicator is best experienced on PRIV by BlackBerry. What better way to use enterprise-grade messaging than with a smartphone that has an outstanding slide-out physical keyboard, an unparalleled Android performance wrapped in BlackBerry security, and a large display that helps you easily navigate through all your messages and contacts? Be confident in knowing that all of your data is bolted down with BlackBerry’s hardening of the Android OS. […]

  • http://blogs.blackberry.com/2016/03/high-five-for-printhand-and-priv-by-blackberry/ High Five for PrintHand and PRIV by BlackBerry | Inside BlackBerry

    […] an aggressive Android patching strategy, DTEK privacy and a hardened Linux kernel and advanced protection against rooting. User data is also encrypted using a FIPS 140-2 compliant cryptographic engine. Between the PRIV by […]

  • http://blogs.blackberry.com/2016/03/why-priv-by-blackberrys-this-irish-entrepreneur-and-tech-bloggers-daily-driver/ PRIV by BlackBerry’s This Irish Entrepreneur and Tech Blogger’s Driver | Inside BlackBerry

    […] using my information – DTEK provides me with that insight, and serves as a nice touch atop BlackBerry’s other security features. The keyboards, without a doubt, are also excellent. The physical keyboard makes typing, […]

  • http://techbuzzireland.com/2016/04/12/i-have-a-chat-with-blackberry-about-the-blackberry-priv-blackberry/ I have a chat with Blackberry about the Blackberry Priv. #Blackberry | TechBuzzIreland.Com

    […] using my information – DTEK provides me with that insight, and serves as a nice touch atop BlackBerry’s other security features. The keyboards, without a doubt, are also excellent. The physical keyboard makes typing, […]

  • http://blogs.blackberry.com/2016/04/can-your-crm-keep-up-with-swyft-for-good-and-priv-by-blackberry/ Can Your CRM Keep Up With Swyft for Good and PRIV by BlackBerry? | Inside BlackBerry

    […] even further with a BlackBerry-secured version of the Android OS, plus features like DTEK security, rooting and jailbreaking prevention, FIPS 140-2 compliance and aggressive Android security […]

  • http://www.techsuplex.com/2016/04/27/blackberry-priv-review/ The BlackBerry Priv Review - TechSuplex

    […] A BlackBerry Priv review wouldn’t be complete without mentioning security, because for BlackBerry, everything does boil down to security. BlackBerry admits that its future as an android only OEM, depends on whether it is able to secure android as well as it has secured its own OS and while it’s still has some way to go in that regard, it’s done a darn good job at first attempt. That’s why till date, more than a thousand dollars up for grabs for anyone who is able to root the device is still unclaimed, even though BlackBerry has publicly outlined the steps they have taken to harden the device (see here and here). […]

  • http://www.blackberryforums.com/general-blackberry-priv-discussion/267270-dtek-what-about-core-apps.html#post1817153 DTEK? What about core apps? - BlackBerry Forums Support Community

    […] […]

blog comments powered by Disqus