Mobile Rooting Jailbreaking: Feature vs Privilege Escalation
I had the opportunity to take a very interesting Android Forensics course last week offered by ViaForensics. They’ve compiled great research and have developed some excellent tools for Android devices which can be a huge time saver for forensics analysis. However, I had not realized the degree to which the tools and analysis in that space right now are dependent on being able to obtain root access on the device. This reminded me of a side discussion that went on at DefCon 18.
Many of the ways to obtain root on an Android device require physical access and, one can argue, pose a more limited threat for the end user. Some devices like the Nexus One even seem designed to be “developer” phones and allow users to flash the device with the firmware of their choosing. However, one of the first ways of obtaining root-level access on the EVO 4G was an APK download from unrEVOked’s website. Just by installing the APK, the application was able to root the device. Clearly, most users would want the vulnerability this exploits to be patched before malicious APKs started to bundle this into their downloads (and it was patched). But at the same time, a number of users also want root access to their devices in order to customize them, investigate applications for privacy concerns, or test for other security issues. In the case of forensics analysis, root-level access is needed to do the job.
The security industry has normally been fairly open about working with vendors to fix major security issues. What seems to be happening here is that there’s a growing trend in the community, even among legitimate researchers, to hold on and not reveal their root-level exploits. To some degree, maybe this is nothing new. However, I feel that if these attacks were found on standard desktop or server operating systems, the community would almost all largely support alerting the developer and getting a patch out to end users. These vulnerabilities would be seen as privilege escalation attacks and would need to be locked down. I don’t think it’s the same when it comes to closed or restricted devices. This could be an interesting discussion as more locked-down devices are released.
And now with the FCC weighing in on jailbreaking, could the price-to-earnings ratio of a smartphone jailbreak skyrocket? Example: http://www.jailbreakme.com/faq.html If we are in the era of no more free bugs — what will be more lucrative for exploit developers and the budding entrepreneur? Giving away a free tool? Charging for a jailbreak app that they hope no one else reverses and puts out a cheaper tool? Or will the best dollar offer come from private exploit packs or organizations that intend to weaponize the vulnerability? Will we see the day when a smartphone exploit can buy you a gold grill faster than an IIS/IE8 exploit?
cheers!


![Gold teeth](http://intrepidusgroup.com/insight/wp-content/uploads/2010/08/148842d1249244496-porsche-carrera-gt-gold-edition-by-gemballa-ww1dotprwebdotcom-prfiles-2006-07-30-0000418518-goldteeth1-150x150.jpg)