How SyncDog’s Containerization Protects You Even if your Device has been Jailbroken
Jailbreak Detection – The First Line of Defense
Both our iOS and Android clients have built-in jailbreak detection that will not only prevent the application from running, but will automatically wipe the container’s data in the event the device is compromised. This detection process also works even if the app is running; so if there is an exploit that attempts to root the device silently or without triggering a reboot, the container will still identify the jailbroken state and wipe its data at runtime. Does your current mobile security solution offer this? If not, it’s time to upgrade.
Data-at-Rest and Transport Encryption –The Next Level of Protection
Jailbreak detection is important, but it is just part of the complete security strategy of SyncDog containers. If an attacker were to jailbreak the device and attach to the file system without launching our application, in attempt to bypass jailbreak detection, any data stored inside the container is encrypted on disk using military-grade FIPS 140-2 CERTIFIED encryption (AES-256). This means that any data stored inside the container including emails or files would be completely unreadable, providing an iron-clad defense against data loss even on jailbroken devices.
The protection does not just cover data-at-rest though. Any data transported over the network to or from the container is also encrypted using FIPS CERTIFIED AES-256 bit encryption, utilizing certificates pinned to the device with no chain-of-trust vulnerabilities, used in combination with an ephemeral AES key that changes with every network transaction. Even if the device were jailbroken, and an attacker was attached to the device observing network traffic for the container, this data would be undecipherable.
No Keychain Data Storage – Defense Against Advanced Attacks
Many applications use the so-called secure storage options provided natively by the operating system, such as the keychain in iOS, believing that it provides their application with unbreakable safety for data storage; however, the keychain is vulnerable, especially on jailbroken devices. On a compromised device, it is possible to copy the keychain to an external computer and perform brute force attacks to access keychain data. More sophisticated exploits may observe kernel level calls to the keychain and inject their own calls, mimicking an authorized application in order to pull information from this data store. With new attacks being invented constantly, it is clear that data stored in the keychain is not completely protected. Fortunately, SyncDog’s “Zero Trust” containers do not utilize the keychain for any data storage, thus yielding keychain exploits useless for accessing containerized information.
Decompilation and Runtime Protection – The Complete Solution
The final line of defense SyncDog containers provide is protection against decompiling the application artifacts as well as providing runtime protection against in-memory exploits. There are a variety of decompilation tools available that hackers use to reverse engineer application artifacts, attempting to dig into the original source code. SyncDog’s containers defend against these methods by both implementing code obfuscation and also by using hashed encryption keys that cannot be reverse engineered from observing the code. Coupled with runtime protections against memory attacks, we provide the most complete solution possible for securing sensitive data on mobile devices.
