SecurID® Discussions

zaynaly
Beginner

how to find logs related to jailbroken devices

We have been testing how logging and security work with mobile devices that have been jailbroken. I am unable to find any logs related to this in syslog to set up an alerting mechanism.

 

Where are the following logs stored:

1. when attempting to enroll a jailbroken device

2. when a device has an enrolled software token, then it's jailbroken and the token is disabled.

 

Kind regards


Accepted Solutions
_EricaChalfin
Employee (Retired)

Yildirim Zaynal,

 

My apologies for the delay in replying to your post.  I did get a response from product management on your question.  They say, "CAS doesn't get notified in any way if someone tried to use the Authenticate app on a jailbroken phone. There most likely will be logs on the user's device, but definitely not in the cloud."

 

Regards,

Erica

YildirimZaynal1
Beginner

Dear Erica,

 

Thank you for the response. We are using an on-prem RSA Authentication manager, built on an appliance. The version is 8.3 p4. 

 

We see on the backend CT-KIP requests happening on the jailbroken device, and then immediately the created token is deleted. It would be most useful and logical to add a simple feature on the app side or the RSA backend side to pick up attempts when jailbroken, and report them.

 

This is a critical feature that should be there; we need to know which users may have tried to jailbreak their devices, and these are unmanaged devices. If this log entry doesn't exist, please escalate accordingly to have this added. It is of utmost importance for our security to know this, and who is attempting, in order to stop attacks before they happen.

 

Kind regards,

Yildirim
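
The pattern reported in the post above (a CT-KIP request followed immediately by deletion of the created token) can be correlated into an alert if the server records both events. This is an added example, not part of the original thread and not RSA code; the pipe-separated log format, event names, users and serials are constructed for illustration and must be mapped onto whatever your server actually exports.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "time|user|event|token_serial"
# format (assumption: not a real product log layout).
SAMPLE_LOG = """\
2020-03-02T09:14:05|jdoe|CTKIP_PROVISION|000100000001
2020-03-02T09:14:09|jdoe|TOKEN_DELETED|000100000001
2020-03-02T10:02:41|asmith|CTKIP_PROVISION|000100000002
2020-03-02T10:40:00|bnguyen|CTKIP_PROVISION|000100000003
2020-03-05T16:20:13|bnguyen|TOKEN_DELETED|000100000003
malformed line without separators
2020-03-02T11:00:00|cwong|TOKEN_DELETED|000100000009
"""

def parse_events(text):
    """Yield (time, user, event, serial); skip lines that do not parse."""
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 4:
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2], parts[3]

def provision_then_delete(text, window=timedelta(seconds=60)):
    """Return alerts for tokens deleted within `window` of CT-KIP provisioning."""
    provisioned = {}  # token serial -> (provision time, user)
    alerts = []
    for when, user, event, serial in sorted(parse_events(text)):
        if event == "CTKIP_PROVISION":
            provisioned[serial] = (when, user)
        elif event == "TOKEN_DELETED" and serial in provisioned:
            start, owner = provisioned.pop(serial)
            if when - start <= window:
                alerts.append({"user": owner, "serial": serial,
                               "seconds": int((when - start).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in provision_then_delete(SAMPLE_LOG):
        print("ALERT provisioned-then-deleted:", alert)
```

A token removed days after provisioning (bnguyen) or deleted with no matching provisioning event (cwong) does not alert; only the near-immediate pair does.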
