Detecting device hacks

Kaspersky Security Center Web Console enables you to detect device hacks (root) on Android devices and jailbreaks on iOS devices. System files are unprotected on a hacked device and can therefore be modified. Moreover, third-party apps from unknown sources could be installed on hacked devices. Upon detection of a hack attempt, we recommend that you immediately restore normal operation of the device.

Kaspersky Endpoint Security for Android uses the following services to detect when a user obtains root privileges:

• Embedded service of Kaspersky Endpoint Security for Android. A Kaspersky service that checks whether a mobile device user has obtained root privileges (Kaspersky Mobile Security SDK).
• SafetyNet Attestation. A Google service that checks the integrity of the operating system, analyzes the device hardware and software, and identifies other security issues. For more details about SafetyNet Attestation, visit the Android Technical Support website.

Kaspersky Security for iOS uses the following service to detect a jailbreak:

• Embedded service of Kaspersky Security for iOS. A Kaspersky service that checks whether a mobile device is jailbroken (Kaspersky Mobile Security SDK).

If the device is hacked, you receive a notification. You can view hacking notifications in Kaspersky Security Center Web Console on the Monitoring & reporting > Dashboard tab. You can also disable notifications about hacks in the event notification settings.

On Android devices, you can impose restrictions on the user's activity if the device is hacked (for example, lock the device). You can impose restrictions by using the Compliance Control component. To do this, create a compliance rule with the Device has been rooted criterion.