Our SmartWire Threat Research Team has begun to find numerous new instances of the mobile threat Semi Jailbreak (SemiJB), which affects iOS versions up to 8.4.1. SemiJB allows users to install applications, games and themes using the SemiJB Cydia app store, where apps may not have undergone the standard Apple vetting processes.
How it works:
The process utilises a provisioning profile to enable the installation of the vShare App (the default SemiJB launcher), which takes on the role of the SemiJB app store. This app store contains different applications available for download, including official and third-party apps.
SemiJB is not a full-blown jailbreak, in which users are granted root privileges over the device; consequently, common jailbreak detection mechanisms are unable to detect it.
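Because the process depends on a provisioning profile rather than root access, one check that does not rely on jailbreak detection is to audit the provisioning profiles found on managed devices. The following Python is an added example, not SmartWire's code: it assumes profile blobs have already been collected (for instance from an MDM inventory), and the approved team identifier, profile names and sample profiles are constructed placeholders.

```python
import plistlib
from datetime import datetime

# Assumption: team identifiers the organisation has approved (placeholder value).
APPROVED_TEAMS = {"CORPTEAM01"}

def extract_plist(blob: bytes) -> dict:
    """Pull the XML plist out of a signed (CMS-wrapped) .mobileprovision blob."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def audit_profile(blob: bytes, approved=APPROVED_TEAMS) -> dict:
    """Summarise a provisioning profile; flag it if its team is not approved."""
    p = extract_plist(blob)
    teams = set(p.get("TeamIdentifier", []))
    return {
        "name": p.get("Name", "<unnamed>"),
        "teams": sorted(teams),
        # True for in-house profiles that are not tied to a device list
        "all_devices": bool(p.get("ProvisionsAllDevices", False)),
        "expires": p.get("ExpirationDate"),
        # A missing team or any team outside the allowlist is suspicious
        "flagged": (not teams) or not (teams <= approved),
    }

def make_sample(name: str, team: str, all_devices: bool) -> bytes:
    """Constructed input: an XML plist wrapped in dummy bytes standing in
    for the signature envelope of a real profile."""
    body = plistlib.dumps({
        "Name": name,
        "TeamIdentifier": [team],
        "ProvisionsAllDevices": all_devices,
        "ExpirationDate": datetime(2016, 1, 1),
    })
    return b"\x30\x82\x0b\x00" + body + b"\x00\x00sig"

if __name__ == "__main__":
    for blob in (make_sample("Corp In-House", "CORPTEAM01", True),
                 make_sample("Unknown Distribution", "UNKNOWN001", True)):
        print(audit_profile(blob))
```

This only reads the profile's metadata; it does not verify the signature on the envelope.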
There are several security implications for the corporation when SemiJB devices are used by employees:
- Unverified apps from unknown developers can be downloaded onto the device and allowed onto the corporate network
- User privacy can be compromised
- Apps built with weak security increase the risk of leakage of sensitive data
- The vShare app itself can lead to privacy violations such as making user credentials visible and leaking the device name and information about apps already installed on a device
This is a relatively new threat, detected in 10 enterprises on our network, but its rate of infection seems to be accelerating faster than that of current business mobile device threats. Because of its nascent nature, it is going undetected by many current jailbreak detection mechanisms. The vShare app in particular has the potential to put enterprises and their data at real risk.