Mobile phones, computers and other types of processing devices are typically sold with a variety of pre-installed software components that are sanctioned by the manufacturer or an associated service provider and are clearly not intended to be tampered with by a user. However, in many instances, hackers may attempt to modify, bypass, remove, replace or otherwise tamper with such pre-installed software components. For example, in the case of mobile phones, the term “jailbreaking” is generally used to refer to bypassing of sanctioned device software and its associated control mechanisms.
Various jailbreak exploits by hackers have already been documented for many if not all versions of the Apple iPhone and iPad, as well as numerous other types of processing devices, thereby enabling users to bypass manufacturer and service provider control mechanisms on these devices. This can allow the devices to be used in ways that were not envisioned by the manufacturer or service provider, possibly to the serious detriment of these entities and their legitimate users.
Unfortunately, prevention of jailbreaks is challenging under conventional practice. The jailbreaks can be implemented as general-purpose attacks that may exploit any of a wide range of operating system or driver level vulnerabilities. Comprehensive jailbreak protection is essentially as hard to provide as comprehensive protection of low-level software services within a given processing device.
Similarly, detection of jailbreaking is difficult under conventional practice because a processing device, while undergoing a jailbreak, is typically not connected to a network. For example, in current-generation Apple devices, a hacker places a device into a maintenance mode while jailbreaking it. This mode of operation reduces the device to a minimal set of software services, exposing them directly to attack, and places the device off-network, preventing externally prompted interruption of the jailbreak. Also, once jailbroken, the device may be instrumented with modified software configured to suppress any evidence of attack. Accordingly, under conditions such as these, detection of a jailbreak is seemingly impossible, in that the device cannot communicate while under attack, and after the attack it contains software that suppresses evidence of jailbreaking.