Expert Comments On Why Jailbroken Devices May Threaten Mobile Financial Services

Banks and financial institutions have more reason to worry about the threat of jailbroken devices attempting to access their mobile financial services, with the release of the new Checkra1n jailbreak tool this week.

Experts Comments

November 13, 2019
Sam Bakken
Senior Product Marketing Manager
OneSpan
First, and perhaps most importantly, there are not a lot of good reasons for the average consumer to jailbreak their device. It disables many crucial security controls inherent in the platform that help keep customers and consumers safe. Second, though banks may need to consider the fact that this new Checkra1n tool may result in a slight uptick in the number of jailbroken devices attempting to access their mobile financial services. In some regions, jailbroken phones are more popular than in .....Read More
First, and perhaps most importantly, there are not a lot of good reasons for the average consumer to jailbreak their device. It disables many crucial security controls inherent in the platform that help keep customers and consumers safe. Second, though banks may need to consider the fact that this new Checkra1n tool may result in a slight uptick in the number of jailbroken devices attempting to access their mobile financial services. In some regions, jailbroken phones are more popular than in others, and banks need to take this into account in their threat model, and may not want to deny service to all users that jailbreak their phones. If a bank should decide it needs to provide some level of service to customers of jailbroken devices, technologies such as app shielding and runtime application self-protection (RASP) technologies can protect mobile apps in hostile environments and mitigate some of the risks associated with jailbreaks. At this time, using the Checkra1n tool to jailbreak an iPhone requires physical access to the device. So, at least for the time being, it seems the risk of adversaries using the tool for remote jailbreaks is low.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.