Security researchers have found that the Apple interface used to enroll iPhones and iPads in a Mobile Device Management (MDM) system can be misused to add malicious devices, Ars Technica reports.
MDM systems are often used by organizations to manage employee devices and enforce security restrictions on them. For example, a policy can block certain applications, and the MDM system can issue certificates for VPN access.
However, DEP, the Apple interface used to add devices to such a system, can also be used for malicious purposes. Hackers can add malicious devices to these systems and gain access to confidential enterprise systems. All it takes is spoofing the serial number of a device that has already been added.
The vulnerability was discovered by researcher and development engineer James Barclay, together with researchers Pepijn Bruienne and Todd Manning. According to them, many companies rely only on a device’s serial number to ensure that the device is allowed to enter the network.
“By taking advantage of this verification weakness, an attacker can log any device into an organization’s MDM server, allowing them privileged access that is used to move forward within the network,” Barclay said. As a result, they may have access to confidential data or even full VPN access to internal systems.
A hacker can also use the DEP interface to collect information about an organization, such as phone numbers and email addresses, by obtaining the serial number of an enrolled device via open source intelligence. This can also be done by getting the owner to give up the device or by brute-forcing the DEP API. All this information can be used in an attack on an organization to obtain enterprise data.
Apple’s MDM protocol does support user authentication before a device is added. However, this is not mandatory, which means that many organizations do not use it. In that case, only a serial number is used. Serial numbers are unique to a device, but not necessarily secret. Often they can be found online. In addition, the format of Apple’s serial numbers is so well known that they are easy to reproduce.
Therefore, the easiest way to prevent these attacks is to enable user authentication before adding a device. Another way is not to trust the devices added through MDM systems until they are authorized.
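The two mitigations above, modeled as an added example (not code from the article, Apple, or any MDM product). The `Mdm` class, the serials, the user secret, and the HMAC proof standing in for a real directory login are all constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample data: serials the organization registered and a
# per-user enrollment secret (stand-in for a real directory login).
REGISTERED_SERIALS = {"SERIAL-EXAMPLE-0001", "SERIAL-EXAMPLE-0002"}
USER_SECRETS = {"alice": b"constructed-secret-for-alice"}


@dataclass
class Mdm:
    require_user_auth: bool
    trust: dict = field(default_factory=dict)  # serial -> "pending" | "trusted"

    def enroll(self, serial, user=None, proof=None, nonce=b""):
        # The serial identifies the device; it is not a secret.
        if serial not in REGISTERED_SERIALS:
            return "rejected"
        # Mitigation 1: a known serial is not enough without a valid user.
        if self.require_user_auth and not self._user_ok(user, proof, nonce):
            return "rejected"
        # Mitigation 2: a newly enrolled device starts untrusted.
        self.trust[serial] = "pending"
        return "pending"

    def _user_ok(self, user, proof, nonce):
        secret = USER_SECRETS.get(user)
        if secret is None or proof is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, proof)  # constant-time compare

    def authorize(self, serial):
        # An administrator approves the device out of band.
        if self.trust.get(serial) == "pending":
            self.trust[serial] = "trusted"

    def may_issue_vpn_cert(self, serial):
        # Certificates go only to devices that were explicitly authorized.
        return self.trust.get(serial) == "trusted"
```

With `require_user_auth=False` a known serial alone is enough to enroll, which is the weak configuration the researchers describe; the `pending` state still withholds the VPN certificate until `authorize` is called.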