This study evaluates the effectiveness of jailbreak detection in iOS banking apps, particularly how new “rootless” jailbreaks can circumvent the majority of Apple’s improved security measures, notably the Signed System Volume (SSV) and the Secure Page Table Monitor (SPTM). Building upon earlier findings that showed banking apps were easily bypassed, this research investigates whether detection methods have improved or if developers still depend mainly on operating system security. A total of 489 iOS applications, including 52 renowned banking apps, were collected and tested on two jailbroken environments. The research shows that 72% of all tested applications did not detect a jailbreak in a rootful environment, and 92% did not detect in a rootless environment. Although banking applications did show somewhat better rootful detection than other categories, most still struggled to identify a rootless environment. Additionally, those that detected it could be bypassed with very simple methods. These findings highlight a security gap in modern iOS banking applications as jailbreak techniques continue to evolve away from system-volume exploits. This study provides evidence that rootless jailbreaking is largely undetectable. It illustrates the necessity for more customizable and behaviour-based detection approaches that no longer strictly rely on static file paths or library checks.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Revisiting the Effectiveness of Jailbreak Detection

  • Muhammad Irfan,
  • Nelson Uto

摘要

This study evaluates the effectiveness of jailbreak detection in iOS banking apps, particularly how new “rootless” jailbreaks can circumvent the majority of Apple’s improved security measures, notably the Signed System Volume (SSV) and the Secure Page Table Monitor (SPTM). Building upon earlier findings that showed banking apps were easily bypassed, this research investigates whether detection methods have improved or if developers still depend mainly on operating system security. A total of 489 iOS applications, including 52 renowned banking apps, were collected and tested on two jailbroken environments. The research shows that 72% of all tested applications did not detect a jailbreak in a rootful environment, and 92% did not detect in a rootless environment. Although banking applications did show somewhat better rootful detection than other categories, most still struggled to identify a rootless environment. Additionally, those that detected it could be bypassed with very simple methods. These findings highlight a security gap in modern iOS banking applications as jailbreak techniques continue to evolve away from system-volume exploits. This study provides evidence that rootless jailbreaking is largely undetectable. It illustrates the necessity for more customizable and behaviour-based detection approaches that no longer strictly rely on static file paths or library checks.