One of the most controversial topics when it comes to mobile devices is the idea of rooting and jailbreaking. Although rooting and jailbreaking are technically different processes on different platforms, the end-goal is the same: to gain higher-level privileges and access to sensitive functionality that isn’t normally available (for simplicity, we’ll use the word “rooting” to refer to both). Let’s look at the pros and cons of rooting and examine how and why we protect against it.
To Root or Not to Root
Rooting is a technical process driven by practical and philosophical desires. The practical aspect is that rooting lets you install apps that you wouldn’t otherwise be able to use, either because the platform is locked to a single app store (iOS) or because the app requires access to sensitive internal functionality (Android and iOS). Philosophically, some technically-minded people (including most white hat hackers) want the ability to access everything on their smartphones, which is why many Android smartphones come with unlocked bootloaders. But rooting is also complex for the average user and can cause issues with system stability, software updates, warranties, and most of all security.
The Root of the Problem
The main advantage of rooting is also its biggest drawback: the fact that it unlocks access to sensitive areas of the device. Rooting is a huge risk to the privacy and security of the platform: a rooted device makes you more susceptible to malware, and many enterprises refuse to allow rooted devices on their networks, using enterprise mobility management (EMM) software such as BES12 or Good Dynamics to enforce that policy. Some types of malware specifically exploit jailbroken phones, while others attempt to directly root the phone themselves. These apps are extremely dangerous because they can hide from anti-virus programs and become nearly impossible to remove.
Preventing and detecting rooting is one of the most difficult games of cat-and-mouse in all of security. Hackers are constantly looking for new vulnerabilities and many devices are rooted before they’re even released. A well-designed piece of malware with superuser permissions can easily hide itself from a simple root-detection app that’s just looking for flags typically associated with rooting. The most effective way to detect rooting is to use a hardware root of trust to integrate the solution across the hardware, OS and app layers. Which brings us to…
BlackBerry Integrity Detection
PRIV by BlackBerry comes with built-in BlackBerry Integrity Detection, which continuously monitors for events or configuration changes that could compromise the security of the device. This includes:
- Checking the integrity of the kernel on device bootup
- Checking for unauthorized changes to the SELinux policy
- Monitoring file system mounting permissions
- Ensuring that unauthorized apps don’t acquire escalated privileges
- Disabling security-sensitive applications such as pathtrust
BlackBerry Integrity Detection uses an application in the BlackBerry Secure Compound to provide a trust anchor and generate integrity reports. These reports are digitally signed with ECC-256 and backed by a certificate that chains up to a BlackBerry Certificate Authority, allowing third-party Enterprise Mobility Management solutions and monitoring apps to verify their authenticity. BlackBerry Integrity Detection integrates seamlessly with the new Good Secure EMM Suites and BES12, allowing IT administrators to monitor for rooted and jailbroken devices. If a potential compromise is detected, administrators can configure alerts, prevent the device from accessing the corporate network, or even remotely wipe the device.
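The check an EMM or monitoring app would make on such a report, as an added Go example that is not BlackBerry's code or report format: the signer certificate must chain to a pinned CA before its P-256 signature over the report is trusted. The CA, device certificate and report fields are constructed stand-ins generated inside the block.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// VerifyReport: the signer must chain to the pinned CA in opts.Roots, then its P-256 key must verify the report.
func VerifyReport(opts x509.VerifyOptions, leaf *x509.Certificate, report, sig []byte) error {
	if _, err := leaf.Verify(opts); err != nil {
		return fmt.Errorf("untrusted signer: %w", err)
	}
	digest := sha256.Sum256(report)
	if pub, ok := leaf.PublicKey.(*ecdsa.PublicKey); !ok || pub.Curve != elliptic.P256() || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return fmt.Errorf("report signature invalid")
	}
	return nil
}

func newCert(cn string, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed test material; errors ignored
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if parent == nil { // no issuer given: make a self-signed CA
		t.IsCA, parent, pk = true, t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func Demo() (genuine, altered, rogue error) { // every name and report field below is constructed
	ca, caKey := newCert("Constructed Root CA", nil, nil)
	dev, devKey := newCert("constructed-device", ca, caKey)
	other, _ := newCert("Unpinned CA", nil, nil) // self-signed, not under the pinned root
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	opts.Roots.AddCert(ca) // pin exactly one trust anchor
	rep := []byte(`{"kernel":"ok","selinux":"enforcing"}`)
	d := sha256.Sum256(rep)
	sig, _ := ecdsa.SignASN1(rand.Reader, devKey, d[:])
	return VerifyReport(opts, dev, rep, sig), VerifyReport(opts, dev, rep[1:], sig), VerifyReport(opts, other, rep, sig)
}
func main() { fmt.Println(Demo()) }
```

The chain check runs first, so a report signed under a certificate outside the pinned chain is rejected before its signature is even examined.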
You can also verify BlackBerry Integrity Detection yourself through the preloaded DTEK app – simply look for the green checkmark beside “Operating system integrity”.
BlackBerry Integrity Detection, DTEK and numerous other privacy features combine to make BlackBerry powered by Android the most secure Android platform. With full access to Google Play and third-party app stores (Ed. – as well as regular monthly updates like the one that was released today), PRIV lets you enjoy the full Android ecosystem while shielding you from malware and, most important of all, protecting your privacy.