CAPEC-661: Root/Jailbreak Detection Evasion via Debugging

Description

An adversary inserts a debugger into the program entry point of a mobile application to modify the application binary, with the goal of evading Root/Jailbreak detection. Mobile device users often Root/Jailbreak their devices in order to gain administrative control over the mobile operating system and/or to install third-party mobile applications that are not provided by authorized application stores (e.g. Google Play Store and Apple App Store). Rooting/Jailbreaking a mobile device also provides users with access to system debuggers and disassemblers, which can be leveraged to exploit applications by dumping the application's memory at runtime in order to remove or bypass signature verification methods. This further allows the adversary to evade Root/Jailbreak detection mechanisms, which can result in execution of administrative commands, obtaining confidential data, impersonating legitimate users of the application, and more.

Extended Description

When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. Depending upon the database and the design of the application, it may also be possible to leverage injection to have the database execute system-related commands of the attackers' choice. SQL Injection enables an attacker to interact directly to the database, thus bypassing the application completely. Successful injection can cause information disclosure as well as ability to add or modify data in the database.

Severity :

Very High

Possibility :

Medium

Type :

Detailed

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-68: Subvert Code-signing Facilities Subvert Code-signing Facilities CAPEC-121: Exploit Non-Production Interfaces Exploit Non-Production Interfaces CAPEC-660: Root/Jailbreak Detection Evasion via Hooking Root/Jailbreak Detection Evasion via Hooking

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

A debugger must be able to be inserted into the targeted application.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

High Knowledge about Root/Jailbreak detection and evasion techniques.
Medium Knowledge about runtime debugging.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

The adversary must have a Rooted/Jailbroken mobile device with debugging capabilities.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-489: Active Debug Code

Visit http://capec.mitre.org/ for more details.