Does jailbreaking or rooting devices, and BYOD mix?

Does jailbreaking or rooting devices, and BYOD mix?

Summary: The short answer is no. The slightly longer answer... definitely not.

SHARE:

Time to answer a timely enterprise question in today's Hardware 2.0 mailbox.

I read today that Evasi0n has been used to jailbreak over 7 million iOS devices over the past few days, making it the most popular jailbreak yet. Our company has embraced bring-your-own-device (BYOD) but at present we don't have a policy prohibiting jailbroken and rooted devices. Should we?

Yes. That was a relatively easy answer, but there is a very good reason to it.

jailbreak-34076324760934

I'm a big fan of jailbreaking iOS devices and rooting Android devices. I believe that people should have the freedom to do whatever they want with the devices they've bought. However, there's one exception to this rule, and that's BYOD devices.

Jailbreaking and rooting bypasses the device's security mechanisms, allowing any app to be installed on the device. And all it takes is a single rogue app behind a corporate firewall to allow the bad guys into your corporate digital fortress.

At the Gartner 2012 security and risk management summit Lawrence Pingree said, "quiet, unassuming smartphone users may actually be dangerous hackers, putting their companies' security in jeopardy without even knowing it."

Pingree went on to say that jailbroken and rooted devices posed a very significant risk and should be banned from the enterprise network altogether. 

"If we want to drive home anything here," Pingree said, "it is to prevent jailbreaking at any cost."

Enforce a no jailbreaking or rooting policy with mobile device management (MDM) software. Any decent package will automatically exile any devices that have been tampered with.

It may come across as extreme—especially if you're already allowing workers to make use compromised devices—but it's the only way to be absolutely sure.

Topics: Bring Your Own Device, Android, iOS, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

27 comments
Log in or register to join the discussion
  • Well, it's my device and I paid for it.

    The company can provide its own for people to use, Blackberry is viable (and has better security*), and more workers won't have the means to buy in the future, if the trend of declining wages continues.

    The supply-side wants it both ways, or else those at the top can't profiteer at everyone else's expense.


    * but who needs that when it costs less to delegate everything to everyone else and then lower the pay so the top can call it "profit" in turn, to keep the ponzi scheme going
    HypnoToad72
  • Oh, more on the Gartner claim,

    not all smartphone users who jailbreak are hackers that want to infiltrate. Many or most just want to use the hardware to its potential, and not keep it choked behind a walled garden. See, we - the good people - appreciate and cherish freedom, you see...
    HypnoToad72
    • He didn't accuse users of that.

      When we root or jailbreak or phones, AKH correctly states that we make them more vulnerable to being inadvertently hijacked.
      rp518
  • People still jailbreak iOS? Interesting.

    I did it back in iOS 4 - for legal reasons which can now be met by my android devices.

    Jailbreaking iOS post iCloud seems a little dis-jointed. iOS works best left alone. If you want to fiddle get android... And get anti malware
    MarknWill
    • haha

      it seems you don't know too much about phones and technology!
      Sebaz KI
  • All the more reason to not BYOD . . .

    All the more reason to not BYOD, and just have a separate work device. I don't ever plan on using my personal device for work purposes - if I have to buy my own work device, so be it.
    CobraA1
  • Certainly not!

    Of course companies shouldn't permit jailbreaking. Not only does it put the organisation at risk of malware and viruses, but it is tolerating the sort of behaviour which shows a complete lack of respect for corporate values and rules. It is effectively criminal damage.

    My pastor has condemned such behaviour as destructive and immoral. Software is locked down to ensure it is secure, and intellectual property rights must be respected. Without the hard work of the corporations providing these solutions, society would be much poorer.
    Hasselhoff
    • Definitely shows promise.

      The pastor is a nice touch. Of course, one must never use one's own property in ways the vendor and manufacturer didn't intend (that would constitute socialism).

      7.0
      John L. Ries
    • Re: It is effectively criminal damage.

      Of the user's own property!?

      Or did you miss what the "O" in "BYOD" stands for?
      ldo17
      • sarcasm

        I believe it was sarcasm.
        jetmiles
      • Excellent

        Hasselhoff even caught a fish.
        John L. Ries
        • Re: Excellent

          Because Christians are not to be taken seriously...
          ldo17
    • immoral...

      i really can't comment on the pastoral approach to smartphone hacking.. I doubt Jesus foresaw smartphone usage. I can understand the criminal desires of man to hack personal data for their own gain though. What I find interesting is the lack of foresight in the BYOD to work push. This was a great marketing ploy by Apple and they succeeded because the public didn't understand what was happening or maybe didn't care and went for the immediate pleasure reaction. Both iOS and Android will suffer from this because of the open OS architechure. What will happen when Android and iOS try to compete in the smartphone smartPay environment that is emerging now... only the most secure OS will be suitable to make valued credit card payments using a secure element and we know who that is... so, lets ponder a moment... playing Angry Birds or making sure your personal data is secure... which one is more important in the future?? I guess its a personal decision *smerk*. I am also wondering why this type of news isn't hitting the major newspapers... I would think it would be interesting to all those who have iOS and Android devices...
      Charlie Bishop
    • Your pastor has a vested interest

      Software is locked down to ensure the profits of the parent company. Questioning their motives is like questioning a faith - hardly the behaviour a pastor will encourage.
      Alan Campbell
    • lol

      wrong! you are completely wrong! information is not about money! its about being informed!
      why you think its called JAILBREAK! I personally don't use a device like the Iphone if its not jailbroken! there is little I can do with it! like if the company wanted me to joperate that device on their own terms!!
      Sebaz KI
    • A Right?

      I can see it as a right to do what you want with your personal possession as long it does not harm another. For example if I wanted to modify my car I can and use it as I see fit. But if my modification makes it dangerous to go on the road than it should be banned from public roads. For example you won't see Big Foot on public highways but certainly at events.

      A company also has the right to dictate what can connect to their system.

      I remember reading how an engineer jailbreaked his iPhone to install cywin (Linux emulator) to run his own custom software for doing specialized calculations in the field. Without doing that, he would have been forced to carry a laptop, set it up, all just to do a single calculation.

      I guess a company could provide an separate wifi hot spot in the break room for personal use and a secured wifi for company devices.

      Most companies I worked for bans all cellphones on the premises except for few certain people. As being out of towner it is hard as the need to stay in touch is important. I know of one man who complied with the rule, didn't get the message to call home till hours later. His daughter been in a wreck and she died minutes before he was able to return the call. I believe the main reason for this rule is the company's fear of the built in camera taking a picture of something that can be used against them.
      Ongytenes
  • Not where I work

    No jailbroken or rooted phones are allowed on to our corporate email system. The required plug-in from the mobile device management platform we use, prevents those rooted/jailbroken phones access to our network. Yay us :*-(
    unredeemed
    • Re: No jailbroken or rooted phones are allowed on to our corporate email sy

      How would you tell?
      ldo17
      • Detection

        The MDM solutions that do this check are looking for certain file names or status of boot ROM. If detected they are blocked from sync. You can also decide a secondary action (erase device, erase corporate data etc).

        If your just using ActiveSync you have no control over employees using jailbroke / rooted devices. One of the big risks are programs that will disable any ActiveSync security you enforce, thus making the device unsecure and corporate data at risk.
        MobileAdmin
        • Re: The MDM solutions that do this check...

          ...are doing it under the control of the rooted system. Which can include patches to watch out for just such checks, and return false answers.

          Do you know what a "rootkit" is? It's the same principle, only this time it's done with the full knowledge and agreement of the device owner.
          ldo17