{
	"id": "c69cc9ef-101f-45be-b249-8bcaa7877e5e",
	"created_at": "2026-04-06T02:11:44.554244Z",
	"updated_at": "2026-04-10T13:12:14.35449Z",
	"deleted_at": null,
	"sha1_hash": "19e6f6704cff0ec343c14885bff21318393e2580",
	"title": "EMM-5 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45547,
	"plain_text": "EMM-5 · Mobile Threat Catalogue\r\nArchived: 2026-04-06 01:53:22 UTC\r\nMobile Threat Catalogue\r\nBypassing Root/Jailbreak Checks\r\nContribute\r\nThreat Category: Enterprise Mobility\r\nID: EMM-5\r\nThreat Description: Root and jailbreak detection for mobile devices is based on detecting the changes that a\r\nprocess by which a mobile device was compromised would have caused. For instance, creation of files or\r\ndirectories that do not exist on uncompromised devices. Given the diversity of mobile devices, mobile OSs, the\r\nvarying methods of compromise, and the potential for an attacker to intercept and forge acceptable responses to\r\nchecks for such changes, root detection continues to be an area of challenge.\r\nThreat Origin\r\nAll Your Root Checks Are Belong to Us: The Sad State of Root Detection 1\r\nExploit Examples\r\nNot Applicable\r\nCVE Examples\r\nCVE-2017-4895\r\nPossible Countermeasures\r\nEnterprise\r\nTo increase the potential that device root or jail-break is detected, deploy a variety of mechanisms capable of root\r\nor jail-break detection (e.g., on-device agents, apps that require successful boot attestation checks, manual\r\ninspection)\r\nTo reduce the opportunity for an attacker to locally root or jail-break devices, educate users on the importance of\r\nphysically securing their devices (e.g., locking it into a container) when not directly attended.\r\nTo reduce the potential a given root or jail-break attack will succeed, ensure devices are configured with a strong\r\ndevice unlock code.\r\nhttps://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-5.html\r\nPage 1 of 2\n\nMobile Device User\r\nTo reduce the potential for USB-based root or jail-break exploits, do not accept prompts to grant trust when\r\nconnecting to untrusted computers or charging stations.\r\nReferences\r\n1. N.S. Evans, A. Benameur, and Y. Shen, “All Your Root Checks Are Belong to Us: The Sad State of Root\r\nDetection”, in Proceedings of the 13th ACM International Symposium on Mobility Management and\r\nWireless Access, 2015, pp. 81-88; http://dx.doi.org/10.1145/2810362.2810364 [accessed 8/23/2016] ↩\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-5.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-5.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-5.html"
	],
	"report_names": [
		"EMM-5.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775441504,
	"ts_updated_at": 1775826734,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/19e6f6704cff0ec343c14885bff21318393e2580.pdf",
		"text": "https://archive.orkl.eu/19e6f6704cff0ec343c14885bff21318393e2580.txt",
		"img": "https://archive.orkl.eu/19e6f6704cff0ec343c14885bff21318393e2580.jpg"
	}
}