Jailbreak Detection – The First Line of Defense
Both our iOS and Android clients have built-in jailbreak detection that will not only prevent the application from running, but will automatically wipe the container’s data in the event the device is compromised. This detection process also works even if the app is running; so if there is an exploit that attempts to root the device silently or without triggering a reboot, the container will still identify the jailbroken state and wipe its data at runtime.
Data-at-Rest and Transport Encryption –The Next Level of Protection
Jailbreak detection is important, but it is just part of the complete security strategy of Secure.Systems containers. If an attacker were to jailbreak the device and attach to the file system without launching our application, in attempt to bypass jailbreak detection, any data stored inside the container is encrypted on disk using military-grade encryption (AES-256). This means that any data stored inside the container including emails or files would be completely unreadable, providing an iron-clad defense against data loss even on jailbroken devices.
The protection does not just cover data-at-rest though. Any data transported over the network to or from the container is also encrypted using AES-256 bit encryption, utilizing certificates pinned to the device with no chain-of-trust vulnerabilities, used in combination with an ephemeral AES key that changes with every network transaction. Even if the device were jailbroken, and an attacker was attached to the device observing network traffic for the container, this data would be undecipherable.
No Keychain Data Storage – Defense Against Advanced Attacks
Many applications use the so-called secure storage options provided natively by the operating system, such as the keychain in iOS, believing that it provides their application with unbreakable safety for data storage; however, the keychain is vulnerable, especially on jailbroken devices. On a compromised device, it is possible to copy the keychain to an external computer and perform brute force attacks to access keychain data. More sophisticated exploits may observe kernel level calls to the keychain and inject their own calls, mimicking an authorized application in order to pull information from this data store. With new attacks being invented constantly, it is clear that data stored in the keychain is not completely protected. Fortunately, Secure.Systems containers do not utilize the keychain for any data storage, thus yielding keychain exploits useless for accessing containerized information.
Decompilation and Runtime Protection – The Complete Solution
The final line of defense Secure.Systems containers provide is protection against decompiling the application artifacts as well as providing runtime protection against in-memory exploits. There are a variety of decompilation tools available that hackers use to reverse engineer application artifacts, attempting to dig into the original source code. Secure.Systems containers defend against these methods by both implementing code obfuscation and also by using hashed encryption keys that cannot be reverse engineered from observing the code. Coupled with runtime protections against memory attacks, we provide the most complete solution possible for securing sensitive data on mobile devices.