Minhazul Abedin

The Domain Name System is essential to all online connections. DNS, as it's referred to, allows domain names such as google.com to be translated into IP addresses, which are used by network devices to route data. But DNS servers don't consider your privacy at all, so this is a problem.

image source: Wikimedia Commons

Regular DNS: How it works

In order to connect to a specific website, your phone first connects to a DNS server after typing in a URL in your browser (e.g. google.com). It works like an internet directory, replacing the friendly name you entered with the website's IP address, which is typically a string of numbers.

Connecting to this server is not encrypted by default. This makes you vulnerable to man-in-the-middle attacks in which hackers make their device appear to be a Wi-Fi hotspot. Connecting to one of them can reroute your DNS requests to malicious websites, which can infect your phone or trick you into divulging personal information.

Consequently, the industry created tools to ensure that your device and DNS server communicate securely. The two most common methods of encrypting the communication between a phone and a DNS server are DNS over HTTPS (DoH) and DNS over TLS (DoT). An encrypted file is unreadable without a private key, which hackers should not possess.

Private DNS: How it works

Google added DNS over TLS (DoT) and Private DNS to Android 9 Pie to protect its users without requiring the ISP to do so. By default, Android uses DoT if the DNS server supports it. Using private DNS, you can remotely manage use of DoT while maintaining access to public DNS servers.

DNS servers you use through your wireless carrier offer many advantages over public DNS servers. These servers may not log any information pertaining to your usage. Therefore, you don't have to worry about your online location being tracked or third-party ad companies using your personal information. Several of them provide encryption using the DoT and DoH standards.

Up until Android 9, you could only use a private DNS server if you configured one for each Wi-Fi network or used a VPN. Using the former method, your phone was vulnerable if you used cellular data due to its only application to Wi-Fi. Essentially, you had to pay a subscription fee to a reputable provider. The Private DNS feature, which is usually free, eliminates all these disadvantages, and it applies to all data connections.

Private DNS - How to add one

You will need Android 9 or later to use native private DNS support because it is a newer feature. If so, go to Settings –> Network & Internet –> Advanced or Settings –> Connections –> More Connection Settings and tap "Private DNS."

Now, choose the "Private DNS provider hostname" in the popup window and enter the URL of your private DNS service. The most common one is Cloudflare's free 1.1.1.1 service, so if you choose that option, simply copy and paste the code from below into your settings.

1dot1dot1dot1.cloudflare-dns.com

Because Cloudflare supports DoH and DoT, as well as providing free server access, we recommend them. There is only one drawback: they log some data. A large portion of the logs are deleted after 24 hours, but there are a few points that will be stored indefinitely (check them out here).

If you intend to use Cloudflare DNS, but you do not have the above settings on your Android device, you can still install a VPN app to gain access.

Make sure you stay safe while exploring.

Sources:

https://developers.cloudflare.com/1.1.1.1/setup/android/

https://www.unbxtech.com/2021/07/howto-enable-private-dns-android.html?amp

https://android.gadgethacks.com/news/heres-why-you-should-be-using-private-dns-your-phone-0231554/

https://www.online-tech-tips.com/computer-tips/what-is-private-dns-and-how-to-use-it/amp/

Even as manufacturers impose more and more limitations on their systems, users are constantly seeking ways around them. Most people don't know, however, that rooting and jailbreaking a device is more harmful than helpful.

Rooting and jailbreaking are two similar procedures that enhance user rights for Android and iOS devices. Disputed by manufacturers, they evolve into more complicated but popular tools among hackers and users.

Root and jailbreak? What do they mean?

Rooting is the process of gaining access to root-level control or privileges on Android devices. In contrast, Jailbreak is a method in which the user can bypass Apple's restrictions by exploiting vulnerabilities in the system. The two may share similar purposes, but they have very different characteristics.

As Android is based on Linux, rooting can be treated in the same manner as superuser rights on Linux. On a Unix based OS, a superuser has complete access to the device's resources and can do things like: execute commands with root privileges.

As with rooting, jailbreaking involves escalating privileges, which can allow you to install apps from third-party stores, change an iPhone's default browser, or change its mail client.

What would make someone root or jailbreak their device, when there is so much difficulty and complexity?

The first and foremost purpose of rooting or jailbreaking a phone is to customize it to suit one's needs. It is possible for owners to take full control of the system by obtaining superuser access. These modifications are particularly significant for customers whose devices are older and unsupported.

Users can perform the following operations manually with root:

Upgrading OS to latest version

Obtaining access to options that are inaccessible to standard users

Installing third-party apps (not from the store)

The full range of system resources is available

Customize low-level device configurations (overclocking, for example)

Enhancing battery life

Creating a task scheduler (tasker) that automates certain processes

Customizing rooms

Adblocking

Backing up the entire device (e.g., using Titanium backup)

Obtaining newly-developed features

Uninstalling bloatware

Security problems: the most common threats

It is possible to gain root access using any privilege escalation bugs found in Android. Security vulnerabilities persist despite Android's monthly security updates, as vendors of large and small scale can't guarantee users are applying the latest patches.

On average, two years after the release, a device goes out of date; during this period, it will typically no longer be receiving security patches or new OS versions.

Most users of rooted devices are unaware that an existing application code can be modified easily. Enhanced privileges allow a process to access stored application code on the device, such as application jars. Cybercriminals can use this method to insert their own malicious code into legitimate software. A hacker can now do almost anything on the device, such as log into activities and change transaction details.

The use of sensors, which are present on virtually every device, can be used to monitor the user's activities if the process has root access. Root access gives control to spyware. Additionally, hackers can access all data, including backups, resources, calendars, and confidential information stored on the device (such as encryption keys). Malware such as trojans can compromise this information, and they can:

Steal passwords from browsers (such as Tordow banking Trojan)

Secretly purchase apps from Google Play (such as the Ztorg and Guerrilla Trojans).

Install applications stealthily, even on system partitions

Replace URLs in a browser (like the Triada Trojan)

Ensure that Trojans remain on devices after they are reset to factory settings by modifying firmware

When a device is rooted inside the company's internal network, it is vulnerable to data theft or ransomware attacks. By exploiting blind spots in the system, malware has the ability to obtain superuser access on its own in most cases. Malware developers are well served by users rooting their own devices.

Determining whether a device has been rooted or jailbroken

From a technical standpoint, it is still difficult and not foolproof to detect root and jailbreak remotely. There are several signs that a device has been tampered with:

It holds Cydia, a third-party application installer similar to Apple's App Store

There are some directories that an app shouldn't be able to access without elevated privileges (e.g. /bin/bash, /etc/apt).

Identifying symbolic links that point to normally unavailable directories or being able to write to directories in which it is not supposed to be possible

It is possible, although not very convenient, to use a free open-source solution such as the Mobile Verification Toolkit (MVT). It may be helpful to use a single-track approach, but in today's world, it is not adequate, which is why it is encouraged using solutions based on packages, libraries, and analysis of processes and privileges.

Final thoughts

A large majority of organizations surveyed experienced at least one mobile malware attack in 2020, according to the 2021 Check Point Cyber Security Report. About 93 percent of the attacks originated from the device network.

Moreover, 46 percent of organizations experienced an employee downloading a malicious mobile application that threatened networks and data or allowed malware to communicate with malware already installed on the device.

Multiple Android and iOS vulnerabilities were discovered in 2020, the most severe of which can be exploited at a privileged level to execute arbitrary code (CheckRa1n and ROM, jailbreak vulnerabilities).

Rooting or jailbreaking a device entails compromising our safety. It is crucial to correctly allocate privileges. It is essential to detect, track, and isolate jailbroken and rooted devices in order to provide corporate infrastructure with security and minimize attacks. Using modern, event-driven monitoring solutions powered by AI is one of the best ways to achieve this goal, since they detect many types of data tampering efficiently.

Make sure you stay safe while exploring.

Sources:

https://nordvpn.com/blog/why-you-shouldnt-root-android/

https://www.bullguard.com/bullguard-security-center/mobile-security/mobile-threats/android-rooting-risks.aspx

https://www.extremetech.com/mobile/211314-extremetech-explains-why-you-should-or-shouldnt-root-your-android-device

https://www.cshub.com/mobile/articles/your-devices-safety-in-someone-elses-hands-root-and-jailbreak