Zimperium is warning organisations about the growing risks posed by rooting and jailbreaking tools, which continue to expose mobile devices to severe security vulnerabilities.
These tools, often developed by independent developers without proper security oversight, are said to enable unauthorised access to mobile devices/systems and can be exploited by cybercriminals.
Zimperium’s research has reportedly highlighted how modern rooting frameworks, such as KernelSU, APatch and SKRoot, bypass traditional security measures, giving attackers deep access to compromised devices.
These tools are said to typically rely on weak or improperly implemented authentication mechanisms, allowing malicious applications to gain full control over a device.
The company has reported that one such vulnerability in the KernelSU rooting framework allows attackers to bypass authentication and gain root access.
The flaw is said to exploit weaknesses in how the kernel verifies legitimate applications, enabling attackers to impersonate trusted apps and escalate their privileges.
Despite the passage of time, this vulnerability reportedly remains a critical risk to mobile device security, with cybercriminals increasingly targeting these weak points.
Nico Chiaraviglio, Chief Scientist, Zimperium said: “These vulnerabilities put millions of users at risk, as attackers can exploit them to steal sensitive data or take full control of compromised devices.
“Rooting tools are often updated without thorough security reviews, making them a persistent threat to enterprise mobile security.”
Zimperium’s ongoing research into rooting frameworks is said to emphasise the importance of vigilance in mobile security.
The findings reportedly underscore the critical need for enterprises to be aware of the security risks associated with rooting tools and the growing sophistication of mobile cyberattacks.
