It's not paranoia if they're really after you.
If you have an iPhone there was no way to figure out if you were really being paranoid or not, until now. Thanks to a new $1 app, you can finally figure out if someone sneakily hacked and jailbroke your device.
"[We] wanted to provide the public with a low cost solution that allows to find out if someone used one of the public jailbreak or a customized version to hack and backdoor your device," the developers wrote in a blog post.
The app, called System and Security Info, was created by the german security firm SektionEins, whose research and development team is headed by Stefan Esser, a well-known iPhone security researcher. The app not only detects a jailbreak, but also analyzes the processes running at the moment, as well as any anomalies that could be the sign of some privacy or security breach.
Apple announced in 2015 that it made changes to iOS in order to stop apps from gathering information on other apps. That also "removed access to detail [sic] information that is only relevant for harmless system information tools," the developers wrote. That's why they released this new app, to help "concerned iPhone users' if we can determine if their device got hacked or secretly jailbroken to gather information about them."
After testing it, C0deH4cker, a security researcher and iOS jailbreaker, told Motherboard that the app is "very useful," and that "it successfully identified the jailbreak" he was using.
Given the nature of iOS, where all the code that runs on the phone is digitally signed by Apple, the app just needs to check if there's some unsigned code.
"The iOS security model presents these really unique opportunities for detecting intrusions because the device is so locked down," Dan Guido, the founder of security firm Trail of Bits, told Motherboard. "Apple signs every single piece of code that's located on iOS so if anything is present that hasn't been signed or that deviates from that norm, then you know something has gone wrong."
Trail Of Bits has a similar solution for businesses that want to make sure that their employees using iPhones haven't been compromised. Unlike System and Security Info, this is a toolkit for developers to create apps that integrate mechanisms to check whether something is wrong. But the overarching principle is the same: If something unexpected (not signed by Apple) is running, then something is wrong.
"If anything is present that hasn't been signed or that deviates from that norm, then you know something has gone wrong."
Will Strafach, an iOS security researcher who developed jailbreaks in the past, however, warned that this is not a panacea, and that a jailbreak done through an unknown zero-day vulnerability, or done by spyware such as that of Hacking Team or similar vendors, could go undetected.
That "would likely be able to fool the app," he said.
That's something Esser and his colleagues admit is possible. In a disclaimer on the blog post, the developers warned that "attackers can adapt and specifically detect and subvert our tool."
They were motivated to develop the app because of the rise in government spyware.
"Companies like FinFisher or HackingTeam that are selling iOS spy software to government and others, they usually require [their clients] to only use jailbroken phones," Esser told Gizmodo. "So the idea behind that is whoever is trying to spy on someone needs to get physical access to the device, jailbreak it, and then they can run the spying tools from Hacking Team or FinFisher."