New app can detect malware and tell if you’re jailbroken

By , May 9, 2016

There’s a new app in the App Store called System and Security Info that shows detailed information about your device and running apps from a security standpoint. It can do a lot of things, including monitoring memory and disk usage and showing running processes, and it even detects malware and other anomalies.

A few other things about the app also caught our eye. One, it’s capable of telling if your iPhone and iPad have been jailbroken, and two, it appears that former jailbreak contributor Stefan Esser (also known as i0n1c) is involved in the project. In fact, it was Esser who penned the announcement blog post:

“As a company known for iOS kernel and jailbreaking research SektionEins is from time to time asked by concerned iPhone users if we can determine if their device got hacked or secretly jailbroken to gather information about them. To find this out with a high level of certainty we have to utilize private jailbreak exploits, because Apple locks down iOS devices from both defenders and attackers, which proves to be more often a problem for defenders than for the attackers. This is a costly process. We therefore wanted to provide the public with a low cost solution that allows to find out if someone used one of the public jailbreaks or a customized version to hack and backdoor your device. System and Security Info therefore runs a number of tests to determine if it can find artefacts of one of the known jailbreaks and runs further generic tests to determine if e.g. the code signing functionality seems to be still working or not.”

Of course most of you reading this probably don’t need to be told if your iPhone has been jailbroken or not, but the app’s other features could still prove useful. For example, if you’re concerned your device has been infected by malware, you can use the app to check for malicious code or unsigned binaries.

SektionEins (Section One), the developer of System and Security Info, describes itself as a young IT security company with a specific focus on web and mobile applications. If you want to check out their new app, you can find it in the App Store for iPhone and iPad for $0.99 (this is a limited-time price).

Thanks Viniee!

  • steve_shore

    Hmmm… I have injected libraries but I have no idea what to do about it

    • If you’re jailbroken, that’s normal – otherwise you should consider restoring your device.

      • Ángel Javier Esquivel

        Maybe Sideloaded apps?

      • Sideloaded apps from Xcode won’t be injected libraries.

      • Mm

        So that means I have malware?

      • If you haven’t jailbroken your device, then simply removing the apps you installed from outside will most likely remove infection. I could say or couldn’t say it’s malware, if you haven’t jailbroken your phone then the app can’t do much other than staying inside of the sandbox.

      • Sandeep Roy

        I too have injected libraries etc. No JB & no Apps outside of App Store. Guided Access is also OFF. I think it’s something else, but not a real problem.

    • Sandeep Roy

      From the developer’s web site

  • DOOManiac

    “Of course most of you reading this probably don’t need to be told if your iPhone has been jailbroken or not”

    I would argue the opposite. Detecting an unauthorized Jailbreak on your phone would be the way to detect that your phone was compromised without your knowledge, either by LEO or other nefarious agencies.

    For example, a local sushi place has a loyalty program where every 10th order is free, and the manager needs to borrow your phone to enter a rotating PIN. It always makes me nervous to give them my phone and they take it out of my view – but the wife wants free sushi so what can you do? 😛

    • DopamineAddicted

      When the wife wants free sushi… Lol but I feel the same way about my phone

    • Digitalfeind

      The better-safe-than-sorry approach would be to have the manager come over to the table and you do everything. As a part time waiter I never take or touch a customer’s phone. 1, if it gets damaged that’s the company’s fault and must pay for it. 2, servers are always touching dirty dishes and other food. So I do not want to “contaminate” them.

  • iBanks

    Could also be done on Verizon iPhones by installing the latest version of My Verizon and going to Safari and entering vzt:// in the address bar. Also allows for hardware and software tests.

  • Mr_Coldharbour

    Purchased this. Not because I need to know if I’m jailbroken on my 6S Plus, which I’m not, but because I would like to see in-depth information about my device such as a live process list, any suspicious daemons running (which shouldn’t be the case if I’m not jailbroken or have any shady enterprise profiles installed on my phone). Also it’s one of those things that Apple will yank from the App Store in just a matter of time, so better to have it before it’s too late.

  • Mm

    Anomaly detected, could it be a sideloaded app? http://m.imgur.com/a/8hTcl

    • Did you use a jailbreak or an unverified app (an app installed from the web with an unverified certificate, without a jailbreak)? Either of those two would result in this, and also you should be careful and not use unverified certificates.

      • Mm

        No jb. Used ppinstaller for snap++

      • Maybe that’s the reason, sometimes packages from outside might contain unwanted coding.

    • iNeedANameHere

      Those are toggled from Guided Access being turned on I believe. Toggle Guided Access off then relaunch the app and everything should be good.

      • Sandeep Roy

        I too have injected libraries etc. No JB & no Apps outside of App Store. Guided Access is also OFF. I think it’s something else, but not a real problem hopefully. Will try restoring in iTunes. I did use PhoneClean by iMobie & also backed up using iMazing, recently. Beyond that can’t think of anything.

    • Sandeep Roy

      Same here. No 3rd party App install outside of iTunes, no JB. Strange!

    • Sandeep Roy

      From web site

  • Luis

    found application with manipulated CS flags…. what does that mean? Jailbroken.

  • ravinigga

    And me just still hoping for jailbreak

  • elcarteiro

    better not show what the app detected on mine, lol!!! a big list of FOUND NON APPLE DAEMON, another big list of Found Application with manipulated CS flags, another one of Found Injected libraries and last but not least… CodeSigning was tampered with! It’s obviously JBroken and I use to install and buy only known sources’ tweaks.

  • Mart

    So this means that if I jailbreak my iPhone, then restore to stock iOS (removing the jailbreak), this app will tell if I had my device jailbroken???

    • don’t think it can detect if u had previously jb’ed ur device, once restored it’s fully restored

  • Zencowboy007

    Item No Longer Available…well will see if makes it to the Cydia Store