Mobile Device Vulnerabilities – CompTIA Security+ SY0-701 – 2.3

Our mobile devices can be used by attackers to gain access to our networks and data. In this video, you’ll learn about jailbreaking, rooting, and sideloading.


To say that our mobile devices are challenging to secure is probably an understatement. These are devices that often require additional policies and procedures, along with different technologies, just to be able to provide security.

These are relatively small devices. And you can hide them almost anywhere on a person. You also find that these are always moving. It can be difficult to manage something when you’re not quite sure where it happens to be at any point in time. And these small, invisible, constantly moving devices have sensitive information on them not only at a personal level, but for the organization as well. And because these are devices that are constantly connected to the internet, it’s possible that anyone in the world might be able to access this device remotely.

These mobile devices tend to have a lot of security built into the device itself. One way to circumvent this security is through the use of jailbreaking or rooting. Although we don’t commonly have access to these devices at the OS level, there is certainly a complex operating system that’s running under the surface. And some individuals have found that you can replace this operating system with one of your own to provide additional access or circumvent some of these security restrictions.

If you’re doing this to an Android device, it’s referred to as rooting. And on Apple’s iOS, we refer to this as jailbreaking. This replaces the firmware or operating system on this device with a third-party operating system. This is generally done to enable new features and circumvent security that would normally be found on the original OS. If an employee were to replace the current operating system with one for jailbreaking or rooting, they would effectively circumvent all of the security that you put in place using your mobile device manager, or MDM.

Another concern is users who may install any application they would like on this device, and some of those applications may contain malicious code. This would certainly be a security concern. And just one bad application could expose all of the data on this device to an attacker.

There are usually restrictions put on these devices either by the operating system or by your mobile device manager to restrict what type of applications can be installed and where those applications can be installed from. For example, you may specify that applications on your mobile devices can only be installed from either the company’s global application library or a local app store.

We refer to the ability to install applications outside the scope of these app stores as sideloading. So if a user does install their own firmware to be able to root or jailbreak this device, they would probably then be able to sideload any applications they’d like.
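One way to check an Android device for sideloaded applications, as an added example that is not part of the original video: it parses the output of `pm list packages -3 -i`, which lists third-party packages with the package that installed each one, and flags anything not installed by an approved store. The sample output is constructed, and the allowlist and the company store name `com.example.corpstore` are assumptions made for the example.

```python
import re

# Assumption: installer package names the organization allows.
# com.android.vending is Google Play; com.example.corpstore is a hypothetical
# company app store used only for this example.
ALLOWED_INSTALLERS = {"com.android.vending", "com.example.corpstore"}

# Constructed sample of `pm list packages -3 -i` output (third-party apps
# with the package that installed each one). Not captured from a real device.
SAMPLE_OUTPUT = """\
package:com.example.mail  installer=com.android.vending
package:com.example.timesheet  installer=com.example.corpstore
package:com.example.freegame  installer=null
package:com.example.vpnhelper  installer=com.example.filemanager
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def find_sideloaded(pm_output, allowed=ALLOWED_INSTALLERS):
    """Return (package, reason) pairs whose install source is not allowed.

    installer=null means no store is recorded as the installer, which is what
    a manually installed package looks like.
    """
    findings = []
    for raw in pm_output.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            # Unparseable lines are reported, not silently skipped.
            findings.append((line, "unparsed"))
            continue
        installer = match.group("installer")
        if installer == "null":
            findings.append((match.group("pkg"), "no installer recorded"))
        elif installer not in allowed:
            findings.append((match.group("pkg"), installer))
    return findings


if __name__ == "__main__":
    for package, source in find_sideloaded(SAMPLE_OUTPUT):
        print(f"{package}: installed outside approved stores ({source})")
```

On a rooted device the reported installer can be altered, so a check like this supports the MDM's own compliance signals and does not replace them.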

Normally, the installation of unauthorized operating systems or software would be specifically forbidden in the policies and procedures of your organization. Usually, you’ll find this in an employee handbook or a list of acceptable use policies, or AUPs. And it wouldn’t be unusual for somebody who circumvents this administrative security control to be subject to dismissal from the organization.