A startlingly high number of mobile devices have been covertly modified to pose a security risk to organizations.
Researchers at security vendor Zimperium estimate that around one out of every 1,000 devices the company encounters has been either rooted (Android) or jailbroken (iOS).
While one-tenth of 1 percent does not seem on the surface to be a significant number, scaled to a global level it amounts to millions of devices that could potentially be a significant network security risk.
“Despite a reduction in the number of rooted and jailbroken devices overall, they still represent a very serious security threat, not just to the user, but to enterprises who enable employees to access sensitive corporate apps and data from their devices,” wrote Zimperium.
“Our data shows that rooted devices are more than 3.5 times more likely to be targeted by mobile malware.”
Though the terminology differs by platform, the process is largely the same. An automated script takes advantage of an unpatched code execution vulnerability to modify the device at the root level and disable protections against unauthorized apps.
Once a popular method to get around the strict “walled garden” protections set by Apple and Google over their respective platforms and app stores, jailbreaking and rooting are still occasionally used by hobbyists and power users who wish to tinker with their devices.
The process is also covertly employed by a number of surveillance and tracking tools that are used with various degrees of legality by government and law enforcement agencies, as well as cybercriminals.
The procedure has been found to be far more common on Android devices, with 1 in 400 devices being rooted, as opposed to around 1 in 2,500 iOS devices. The numbers can also vary greatly based on region.
“Although there seems to be a particular emphasis on the United States and Malaysia, our data suggests that these devices can be found everywhere,” Zimperium explained.
The process comes at a steep cost for device owners. The researchers said that rooted or jailbroken handsets tend to be far more prone to falling victim to malware attacks and data theft.
“According to our data, the exposure factor of rooted devices versus stock devices varies from 3x to ~3000x, which suggests that rooted devices are potentially much more vulnerable to threats than stock devices,” the Zimperium team noted.
“In other words, much riskier.”
In addition to the security risks posed to the devices themselves, organizations can see their entire networks put at risk from jailbroken and rooted gear. When a compromised device logs into a network, any embedded malware can gain a foothold to allow threat actors further access.
“These practices grant users privileged access to their device’s operating system, opening the door to a host of security risks — including malware infections, compromised apps, and full system takeovers,” Zimperium explained. “A single compromised device can serve as the entry point for a much larger attack, putting an entire organization at risk.”