Controls should exist to prevent the escalation of privileges on the device (e.g., root or group privileges). Bypassing permissions can allow untrusted security decisions to be made, thus increasing the number of possible attack vectors. Therefore, the device should be monitored for activities that defeat operating system security controls—e.g., jailbreaking or rooting—and, when detected, the device should be quarantined by a solution that removes it from the network, removes the payment-acceptance application from the device, or disables the payment application.
Offline jailbreak and root detection and auto quarantine are key since some attackers may attempt to put the device in an offline state to further circumvent detection. Hardening of the application is a method to that may help prevent escalation of privileges in a mobile device.
PreEmptive Solutions helps organizations protect their applications from hacker attacks by hardening and shielding their applications. This makes them more resilient to tampering and run time probing attacks; and also helps our customers be compliant with regulatory and industry standards including PCI, HIPAA, GDPR, OWASP, among others. By hindering application attacks, we help protect our customers from financial loss, intellectual property theft, brand damage, stolen credentials / fraud, and non-compliance with standards.