Mobile Security Weekly – iOS Jailbroken, Knox Cracked, Android Exposed (Again)

This week’s coverage includes a wide range of security issues, from security solutions that aren’t good enough to another new way for attackers to target devices. Just over a month after the release of iOS 8, we’ve also got the first jailbreak, which just goes to show that this “un-jailbreak-able” version of iOS really isn’t.

A Brand New Jailbreak for iOS 8 is Available

A new jailbreak for iOS 8 was released Wednesday, almost out of the blue, by Pangu, the same team that released the most recent jailbreak for iOS 7. While the jailbreak is not especially useful to the average user right now (it doesn’t support the alternative app market, Cydia — yet), that’s apparently due to change shortly. Furthermore, this jailbreak might prove to be very relevant for attackers.

Jailbreaking a device enables access to files that Apple doesn’t allow as well as the ability to install apps that haven’t been vetted by Apple’s security measures. Although Cydia isn’t available yet, an attacker with physical access to a device could jailbreak it and install any number of malicious files or mRATs (Mobile Remote Access Trojans) that don’t rely on Cydia. With relative ease, the attacker could also hide the fact that the device has been jailbroken.

Why is this significant?

Pangu was previously able to bypass Apple’s control by leveraging Apple’s own restrictions for their purposes – using an Enterprise Certificate. This shows that they know what they’re doing, and that they are here to stay. Regarding the dangers of a jailbroken device, enterprises can suffer from a visibility issue if they don’t know which of their employee devices are jailbroken. Amongst other things, encryption-enabling apps and encrypted docs are also undermined on jailbroken devices, because the underlying security mechanisms they rely on are no longer there.

To read more about our insights on the new Pangu iOS 8 jailbreak, read our in-depth blog post.

Samsung Knox Security for Android is “Completely Compromised”

In an attempt to thwart Apple’s lead in the enterprise market, Samsung has been providing its Knox security software on its higher-end Android-based Galaxy devices, aimed specifically at enterprise and government clients who have sensitive security needs.

However, it’s been reported that Knox generates weak encryption keys, stores passwords locally, and gives users login hints in a fatal “security by obscurity” design, therefore compromising the security of the device. On top of that, it’s worth noting that of the 87 million devices that shipped with Knox, only 1.8 million were actually using it, raising all sorts of questions regarding the relevance of Samsung’s flagship security solution.

Why is this significant?

Besides the fact that Apple has seized upon Android’s security and privacy problems to emphasize that iOS is designed “with security at its core” (something that is also questionable), this is another important milestone in Knox’s short but complicated lifespan. It remains to be seen just how Knox will be integrated into Android 5.0 (Lollipop), but at this rate, you might be better off without it.

Android Images Can Conceal Malicious Code

Attackers can now repackage malicious files on Android to look like images, turning these images into a dangerous security flaw. Researchers have discovered that it’s possible to fool the Android app wrapping system so that an image can be wrapped up with malware and delivered inside an innocuous wrapper app, which gets past both security apps and Google’s Bouncer. Essentially, the malicious APK can be made to look like a valid PNG image file (although other image formats work as well).

The good news is that disclosure was withheld until Google had a fix in place; the bad news is, of course, due to the ongoing issue of Android fragmentation, a vast number of device-owners never update their devices — either by choice, through lack of awareness, or because their carrier doesn’t make updates available.
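As an added illustration (not code from the article or the researchers), here is a defender-side check in Python that walks a PNG’s chunk structure and flags the traces left when an APK is simply glued onto a valid image: bytes after IEND, ZIP container signatures, or APK member names. It will not flag a file whose image bytes are fully valid and whose payload is only reconstructed by the wrapper app at runtime; that case needs the wrapper’s own code inspected. The sample PNG and the smuggled variant are constructed inline.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
ZIP_SIGNATURES = (b"PK\x03\x04", b"PK\x05\x06")          # local file header, end of central dir
APK_MARKERS = (b"AndroidManifest.xml", b"classes.dex")   # names every APK's ZIP directory carries

def inspect_png(data: bytes) -> list[str]:
    """Walk the PNG chunk structure and return a list of findings (empty list = plain PNG)."""
    findings = []
    if not data.startswith(PNG_MAGIC):
        return ["not a PNG: bad signature"]
    pos, saw_iend = len(PNG_MAGIC), False
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        chunk_end = pos + 8 + length + 4          # length field + type + body + CRC
        if chunk_end > len(data):
            return findings + [f"truncated chunk {ctype!r} at offset {pos}"]
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[chunk_end - 4:chunk_end])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            findings.append(f"bad CRC on chunk {ctype!r} at offset {pos}")
        pos = chunk_end
        if ctype == b"IEND":                      # a well-formed PNG ends here
            saw_iend = True
            break
    if not saw_iend:
        findings.append("no IEND chunk")
    if len(data) > pos:
        findings.append(f"{len(data) - pos} bytes after IEND")
    if any(sig in data for sig in ZIP_SIGNATURES):
        findings.append("ZIP container signature inside image")
    if any(m in data for m in APK_MARKERS):
        findings.append("APK file names inside image")
    return findings

def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def make_sample_png() -> bytes:
    """Constructed 1x1 8-bit grayscale PNG used as the clean baseline."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")             # filter byte + one pixel
    return PNG_MAGIC + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

CLEAN_PNG = make_sample_png()
# Constructed sample: a stub ZIP local header naming classes.dex glued on after IEND.
SMUGGLED_PNG = CLEAN_PNG + b"PK\x03\x04" + b"\x00" * 26 + b"classes.dex"
```

Running `inspect_png` over a wrapper app’s bundled images is cheap enough to do in a CI step or a mobile device management scan; an empty result is only proof that nothing was appended, not that the image is harmless.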

Why is this significant?

As mentioned, Google may have addressed this issue in Android 4.2.2, but the main issue is the once-again highlighted set of problems that the fragmentation of the Android OS brings with it. It’s also another example of how attackers are finding new ways to distribute malware. Sadly, both trends seem to be getting stronger with each passing day.