Detecting iOS jailbreak

A friend of mine has asked me how he might detect whether his phone has been maliciously jailbroken (or otherwise compromised) and I've concluded that I'm not totally sure how to help him; I was hoping there'd be a straightforward app to recommend, but the clearest contender for that (i0n1c's System and Security Info) seems to have been removed from the app store. There might be some more elaborate things I can do on the forensic front, but I was hoping for something simple.

One thought I did have was just loading up some apps that aren't willing to run on jailbroken phones, but I've seen a number of articles claiming workarounds to that particular control. Without some investigation I wasn't sure if any of those might be something that could be done globally (rendering all standard app detection of jailbreaking invalid) or something that is always per-app.

Any thoughts? Is there an app out there that I've missed? Apple seems to have cleared out most AV/Anti-malware tools for iOS, and I rather suspect that's killed off the potential for this type of tool.

And yes I appreciate that he shouldn't have been clicking on links, really should update his iOS in a timely manner, etc, etc, but as always, human behaviour is the weak point in security. :\
 

Raz0rEdge

It is NOT possible to maliciously jailbreak an iOS device. That is, you cannot click on a random link and suddenly have a jailbroken device. Jailbreaking a device is a very deliberate act that requires you to run a specific program that will break some of iOS's controls and also install (usually) the Cydia application store.

So, the first thing to do is to ensure that he is running the latest version of iOS. Next, if he is paranoid, he can always restore from the last backup to iCloud or iTunes, assuming he's been backing up his device.
 
OP
"It is NOT possible to maliciously jailbreak an iOS device."

Well, not quite true - that is what Pegasus does/did, and what the Fried Apple Team put together in their untethered jailbreak that was presented at Black Hat Asia. I think that the Fried Apple Team one was based on Pegasus, but their update works on 9.3.5, which was released to patch against Pegasus.

Quibbling aside, yes I agree that getting his iOS up to speed is a key point, and concur that the use of either of the above is unlikely to have hit a random person. That said, I'm still interested in knowing about whether or not there's a tool that can detect a jailbreak - as a security professional with an iPhone for work I'm rather curious. :)
 

Couldn't you just delete and try to reinstall an included Apple app? Or download an official Apple app, by going to the App Store, scrolling to the bottom of the page and clicking on Apps By Apple? I'm just asking, because I've never done that.
 
