If you have ever wondered whether the iPhone you purchased has been jailbroken without your consent (or knowledge), there is an app for that. Developed in part by security researcher Stefan Esser, a name widely known in the jailbreak community, the app carries the lengthy name System and Security Info (via Gizmodo).
Knowing whether your iPhone has been jailbroken matters for several reasons: a jailbreak can be used to hack your handset or create a backdoor into it. Several vendors selling iOS spyware have been reported to rely on modified public jailbreaks, according to the press release announcing the app, signed by Esser.
System and Security Info runs several tests to detect a jailbreak or anomalies.
The anomaly detection in this app tries to verify that certain security assumptions are still valid. This includes that code signing flags of running processes have not been tampered with, that the app is still encrypted and not running in a debugger, that code signing still detects malicious apps, and that no unsigned binaries are running. Furthermore, it is validated that no unexpected libraries are injected into the process, because this is usually used to tweak runtime functionality. Because the accessibility features of iOS will inject unexpected libraries into our process, the app will mention this as a detected anomaly.
Apparently, it is the first iOS app capable of showing a list of running processes: the developers realized that Apple didn’t harden the sandbox the way it claimed, so there is still a way to get information about running processes. Using this “flaw”, System and Security Info lists running processes and enriches the list with code-signing information, including the entitlements the running processes have, Esser writes.
Other notable features of the app include:
+ CPU usage
+ Memory usage
+ Disk usage
+ Process list
+ Inspect running apps: SHA1 Hash, Signature, Entitlements
+ Malware detection
Download System and Security Info for $1.39 from the App Store.