Zimperium has announced that it is warning organizations about the growing risks posed by rooting and jailbreaking tools, which continue to expose mobile devices to severe security vulnerabilities.
According to the company, these tools, often developed by independent developers without proper security oversight, enable unauthorized access to mobile systems and can be exploited by cyber-criminals.
Zimperium says that its research has highlighted how modern rooting frameworks, such as KernelSU, APatch and SKRoot, bypass traditional security measures, giving attackers deep access to compromised devices.
These tools typically rely on weak or improperly implemented authentication mechanisms, allowing malicious applications to gain full control over a device.
One such vulnerability in the KernelSU rooting framework allows attackers to bypass authentication and gain root access, the company notes.
The flaw exploits weaknesses in how the kernel verifies legitimate applications, enabling attackers to impersonate trusted apps and escalate their privileges.
Despite the passage of time, Zimperium highlights that this vulnerability remains a critical risk to mobile device security with cyber-criminals increasingly targeting these weak points.
Nico Chiaraviglio, Chief Scientist, Zimperium commented: “These vulnerabilities put millions of users at risk, as attackers can exploit them to steal sensitive data or take full control of compromised devices.
“Rooting tools are often updated without thorough security reviews, making them a persistent threat to enterprise mobile security,” he added.
Zimperium’s ongoing research into rooting frameworks emphasizes the importance of vigilance in mobile security.
The company explains that the findings underscore the critical need for enterprises to be aware of the security risks associated with rooting tools and the growing sophistication of mobile cyber-attacks.