Tuesday, May 17, 2016

Is a false sense of security better than nothing?

When faced with the opportunity to buy snake oil, we frequently jump at the chance to do so.  Our tendency to do so is so strong that when faced with the choice of snake oil or nothing, we frequently choose snake oil. I think we're just hard wired that way.  It's like we can't help ourselves.

Last week, Stefan Esser released a new iOS application that was purported to detect jailbreaks on the phone.  The idea is that if you are a target, your phone may have been jailbroken without your knowledge.  This application was supposed to alert you to this fact and allow you to take some corrective action.

Esser's Jailbreak detection application

The problem is that any jailbreak detection software is notoriously easy to bypass.  So much so that any application claiming to be able to detect this is effectively no better than snake oil.  And Apple knows this.  So they pulled Stefan Esser's tool from the App Store.  This caused some controversy, because there are other (lesser publicized) applications that have been published to the App Store that were not pulled.

Why was Esser's app pulled?
Probably because Esser has been a thorn in Apple's side for a while.  He's all the time publishing security research and generally making Apple look bad.  I get why they pulled his application (which TBF, he was hyping) and left others alone.  I'm not saying I agree with it, but I get it.

Was Esser's app snake oil?
Depends on your stance.  Esser certainly demonstrated that it can detect some jailbreaks.  But as I said earlier, these detections are notoriously easy to bypass.  Is a partial detection better than no detection?  Yes, if it detects that you are compromised. Presumably, Apple reasons that the false sense of security it gives those with no detection causes more harm than the good it may provide.

Why do you care?
I'm just along for the ride.  I don't have a vested interest either way, though I tend to agree with Apple that a false sense of security causes more harm than good.  At Rendition Infosec, we see this all the time with antivirus.  People think it will protect them from all badness and of course we all know better.  I tend to think that anything that promotes this "silver bullet" mentality is probably bad for us as a whole.

1 comment:

  1. I've used Kaspersky protection for many years now, and I'd recommend this product to you all.


Note: Only a member of this blog may post a comment.