Resiliency / Root/Jailbreak Detection
Description
Root/Jailbreak detection is a type of IT vulnerability associated with mobile applications. The Common Weakness Enumeration (CWE) directory classifies it as CWE-957 - Improper Control of Interaction Frequency, which occurs when a mobile application does not adequately control the frequency of interactions with the user or an external system. This can let an attacker bypass the mobile app's security controls and gain access to unauthorized data. The OWASP Testing Guide states that Root/Jailbreak detection vulnerabilities are best avoided by using a combination of tools and techniques to detect root/jailbreak status and to identify and authorize the source of any external requests.
Risk
Root/Jailbreak detection vulnerabilities pose a significant risk to organizations, as they can be used to gain access to unauthorized data or to bypass security controls. As a result, organizations must employ proactive measures to identify and address any Root/Jailbreak detection vulnerabilities in their mobile applications.
Solution
Organizations should employ a combination of techniques and tools to detect root/jailbreak status, as well as to identify and authorize the source of any external requests. Additionally, organizations should ensure that their mobile applications are regularly tested for Root/Jailbreak detection vulnerabilities.
Example
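    // Fragment from inside a method that returns boolean; RootDetection is the app's own helper class.
    if (RootDetection.isRooted()) {
        Log.d("RootCheck", "Root detected"); // android.util.Log.d takes a tag and a message
        return false;
    }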
This example code, taken from a CVE in the CVE directory, is used to detect whether a mobile device is rooted. If the device is rooted, the code will log a message and return false.
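An added example, not taken from the page or from any CVE record: one way a RootDetection helper could combine several signals, as the Solution section recommends. The class layout, the signal names and the path and package lists are assumptions for illustration, and the inputs are passed in as parameters so the logic runs off-device on constructed data.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;

// Added example: RootDetection here is a hypothetical helper, not an Android API.
public class RootDetection {
    // Commonly cited su locations and root-manager packages (illustrative, not exhaustive).
    static final List<String> SU_PATHS = List.of(
        "/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su");
    static final Set<String> ROOT_PACKAGES = Set.of(
        "com.topjohnwu.magisk", "eu.chainfire.supersu");

    /**
     * Returns the names of the signals that fired; an empty list means no indicator.
     * On a device: buildTags = android.os.Build.TAGS,
     * pathExists = p -> new java.io.File(p).exists(),
     * installedPackages = package names obtained from the app's PackageManager query.
     */
    static List<String> rootSignals(String buildTags, Predicate<String> pathExists,
                                    Set<String> installedPackages) {
        List<String> hits = new ArrayList<>();
        // Signal 1: firmware signed with test keys instead of release keys.
        if (buildTags != null && buildTags.contains("test-keys")) {
            hits.add("build-tags:test-keys");
        }
        // Signal 2: an su binary present at a well-known location.
        for (String path : SU_PATHS) {
            if (pathExists.test(path)) hits.add("su-binary:" + path);
        }
        // Signal 3: a root-management app installed.
        for (String pkg : ROOT_PACKAGES) {
            if (installedPackages.contains(pkg)) hits.add("root-package:" + pkg);
        }
        return hits;
    }

    static boolean isRooted(String tags, Predicate<String> exists, Set<String> pkgs) {
        return !rootSignals(tags, exists, pkgs).isEmpty();
    }

    public static void main(String[] args) {
        // Constructed inputs standing in for a modified device and a stock device.
        Set<String> fakeFs = Set.of("/system/xbin/su");
        System.out.println(rootSignals("release-keys", fakeFs::contains,
                                       Set.of("com.topjohnwu.magisk")));
        System.out.println(isRooted("release-keys", p -> false, Set.of("com.example.notes")));
    }
}
```

Each check is a heuristic that runs on the device being inspected, so the list of fired signals is better reported to the backend as one risk input than used as the only gate inside the app.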