Manufacturers of online devices typically build security protections into their products to protect against exploitation of the devices by malicious third parties. The exploitation of a computing device takes advantage of a weakness in an operating system, application, library or other software code to compromise the device, for example by adding code that diverts personal information for nefarious use. Exploitation can occur when a client accesses a malicious or hacked website using a client device. The malicious or hacked website may deploy an exploit pack on the client device, where the exploit pack includes software that can be used to launch attacks against various browser vulnerabilities by deploying malware onto the victim's computer.
Client devices protect against malware by tightly controlling access to their hardware and software resources. Circumventing these protections involves “jailbreaking” the client device. Jailbreaking is a process of removing device software and hardware limitations to permit root access to the iOS operating system, allowing the download and execution of unauthorized applications, extensions, and themes that are unavailable through the official Apple App Store. For example, Cydia™ is a third party app store that provides unapproved tweaks, modified applications and games for use on protected Apple® devices.
Jailbroken devices may interact with a variety of applications provided by a service provider, placing the security of the service provider's infrastructure at risk. As such, service providers may implement security protocols that include jailbreak detection mechanisms configured to block access by jailbroken client devices. For example, one jailbreak detection mechanism may attempt to access a restricted or otherwise protected resource, such as an operating system root directory, where the ability to successfully access the protected resource indicates that the client device is jailbroken.
Application tweaks, available in Cydia repositories and deployed by hackers, implement countermeasures configured to intercept jailbreak detection mechanisms and obscure the jailbroken state of the client device. For example, malware may ‘hook’ jailbreak detection communications between an application server and the client device by intercepting filesystem queries and returning a false access status to hide the jailbroken status of restricted files. It would be desirable to identify a system and method for quickly and accurately identifying a compromised client device to protect a service provider's infrastructure.
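The two preceding paragraphs describe a filesystem-probe jailbreak check and the hooked filesystem APIs that feed it false answers. The following is an added illustration, not code from the original document or from any product it describes, of the detection logic on the service-provider side: it probes a list of restricted paths through several independent system calls and, going one step beyond the text, treats disagreement between those calls on the same path as a sign that one of them has been hooked. The restricted paths, the probe names and the `assess_device` / `fake_probe` helpers are all constructed for this example; a real client would use the platform's own list of protected locations.

```python
import os
from typing import Callable, Dict, Iterable

# Constructed placeholder paths for this example; a real detector would use
# the platform's own list of locations that a locked-down device never lets
# an ordinary application reach (e.g. the operating system root directory).
RESTRICTED_PATHS = (
    "/private/var/example-restricted",
    "/Applications/example-unapproved.app",
)

Probe = Callable[[str], bool]


def probe_open(path: str) -> bool:
    """Try to open the path for reading; success means it is reachable."""
    try:
        with open(path, "rb"):
            return True
    except OSError:
        return False


def probe_stat(path: str) -> bool:
    """Ask for the path's metadata; a locked-down device refuses this too."""
    try:
        os.stat(path)
        return True
    except OSError:
        return False


def probe_access(path: str) -> bool:
    """Use the access(2) permission check as a third, independent view."""
    return os.access(path, os.R_OK)


# Three different entry points into the filesystem; a hook that intercepts
# only one of them will produce answers that the others contradict.
DEFAULT_PROBES: Dict[str, Probe] = {
    "open": probe_open,
    "stat": probe_stat,
    "access": probe_access,
}


def assess_device(paths: Iterable[str], probes: Dict[str, Probe]) -> dict:
    """Run every probe on every restricted path and return a verdict.

    'jailbroken'     - at least one probe reached a restricted resource
    'suspected_hook' - probes disagree about the same path, which is what a
                       hooked filesystem API that lies to some calls but not
                       others looks like from the application's side
    'clean'          - every probe was refused everywhere
    """
    results = {
        path: {name: probe(path) for name, probe in probes.items()}
        for path in paths
    }
    any_reachable = any(any(per_probe.values()) for per_probe in results.values())
    inconsistent = [
        path for path, per_probe in results.items() if len(set(per_probe.values())) > 1
    ]
    if inconsistent:
        verdict = "suspected_hook"
    elif any_reachable:
        verdict = "jailbroken"
    else:
        verdict = "clean"
    return {"verdict": verdict, "inconsistent_paths": inconsistent, "results": results}


def fake_probe(answers: Dict[str, bool]) -> Probe:
    """Build a probe with fixed answers (constructed) to exercise the logic offline."""
    return lambda path: answers.get(path, False)


if __name__ == "__main__":
    # On a machine where the placeholder paths do not exist, every probe is
    # refused and the verdict is "clean".
    print(assess_device(RESTRICTED_PATHS, DEFAULT_PROBES)["verdict"])
```

The design choice worth noting is that a single probe can only say "reachable" or "not reachable", and a hook that answers the probe falsely is indistinguishable from a genuinely locked-down device. Cross-checking several independent calls turns the countermeasure described above into a signal of its own: the hook must lie consistently to every entry point, or the disagreement itself reveals the tampering.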