Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Mobile & Wireless

New iOS App Detects Compromised iPhones

New App Helps Detect Secretly Jailbroken, Compromised iOS Devices 

New App Helps Detect Secretly Jailbroken, Compromised iOS Devices 

Owners of iPhone and iPads can stay better informed on the security of their devices courtesy of “System and Security Info,” a new application designed to provide users with detailed information on what applications and processes are running on their iOS devices. 

Developed by Germany-based SektionEins GmbH, the tool was built with jailbreak and anomaly detection functionality, so that security concerned users can check for potential privacy issues and security threats.

Designed with support for devices running iOS 8.1 or later, the utility is compatible with iPhones, iPads, and iPod touch devices and can display info such as CPU, memory and disk usage, and process list. Additionally, the software allows users to inspect running apps (SHA1 Hash, Signature, Entitlements), and to take advantage of capabilities such as jailbreak, security anomaly, and malware detection.

iPhone Library InjectionsAccording to SektionEins, a company that has shown interest in iOS kernel and jailbreaking, System and Security Info can provide users with info on whether an attacker is using a public jailbreak or a customized version to hack and backdoor their devices. The tool does so by running tests meant to find artifacts pertaining to one of the known jailbreaks.

Jailbroken devices are exposed to a wide range of threats, since most malicious applications were designed to target these unlocked devices. However, malware and rogue app stores that target non-jailbroken devices exist as well, such as vShare, a rogue app store that provides access to over 1 million apps that haven’t been scrutinized by Apple’s app vetting process.

As for the anomaly detection capabilities of the application, the company explains that they are based on testing whether certain security assumptions are still valid. The tool checks the code signing flags of running processes for signs of tampering, and verifies that an app is still encrypted and not running in a debugger.

The security checking utility also verifies that code signing is still capable of detecting malicious apps, meaning that no unsigned binaries are running, and that no unexpected libraries are injected into the process, since this is sign of tweak runtime functionality. Some anomalies might be related to the accessibility features of iOS, which do inject unexpected libraries into the tool’s own process.

Advertisement. Scroll to continue reading.

The new utility is meant to provide users with a cheap solution to stay better informed on the security and privacy stance of their devices. System and Security Info is now available for download from the App Store as version 1.0.2.

“Of course such tests in a publicly released tool can never fully replace a detailed analysis in our lab, because attackers can adapt and specifically detect and subvert our tool,” SektionEins’ Stefan Esser explained. “They provide however a good first round of checks in the process to determine if the security of your iOS device has been compromised. Furthermore it has been reported that several vendors selling iOS spyware fully rely on modified public jailbreaks for their tools. The chance of detecting one of those is therefore high.”

With the number of Mac OS X and iOS security threats growing fast, as Symantec revealed in a December report, users should be more concerned about the security of their devices. iOS 9 exploits and jailbreaks are included here, albeit they are rare enough to determine exploit acquisition company Zerodium to offer up to $1 million for such bugs.

Currently priced at $0.99, the System and Security Info app made it to the #4 position on the Top Charts for Paid apps in Apple’s App Store at the time of publishing.

*Correction – Incorrectly named Zimperium instead of Zerodium which should have been the company named offering iOS bug bounties. 

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.