Mobile device management (MDM) systems are often used by organizations to manage the security of employees’ devices. But security researchers have found that the interface Apple provides for enrolling Apple devices in an MDM system can also be used to introduce rogue devices into those systems and gain trusted access to enterprise resources, simply by spoofing the serial number of an already enrolled device.
In a paper released today, Duo Senior Research and Development Engineer James Barclay, along with researchers Pepijn Bruienne and Todd Manning, have demonstrated an exploit of Apple’s mobile device management (MDM) enrollment interface, the Device Enrollment Protocol (DEP). By spoofing serial numbers of enrolled devices, attackers could connect malicious devices to corporate MDM systems and gain trusted status on their networks or mine valuable information about organizations using MDM and the devices that are connected to them.
While MDM systems are often used to lock down devices with organizationally mandated policies and to distribute certificates that grant access to virtual private networks, they are not always a guarantee of device security and have themselves been used for malicious purposes. And as the Duo researchers found, they can be turned against an organization that places too much trust in them, because many rely solely on the serial number to decide whether a device is allowed to join the corporate network.
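The weakness the researchers describe is an enrollment decision that rests on a value the device reports about itself. The following is an added illustration, not code from Duo, Apple, or any MDM product: it models a toy MDM server in Python and contrasts a policy that admits any device whose self-reported serial is on the organization's DEP allow-list with a policy that also requires a one-time enrollment token issued after the user authenticates, and that raises an alert when a serial that is already enrolled shows up a second time. The serial numbers, the token scheme, and the `MdmState` model are all constructed for the example; the real DEP enrollment flow is not reproduced here.

```python
"""Toy MDM enrollment policy: serial-only trust versus a hardened check.

Added example (not Duo's, Apple's, or any vendor's code). Serial numbers,
tokens and the server state model are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set
import secrets


@dataclass
class EnrollmentRequest:
    serial: str                        # self-reported by the enrolling device
    user_token: Optional[str] = None   # one-time token tied to an authenticated user


@dataclass
class MdmState:
    dep_serials: Set[str]                                   # serials assigned to the org
    active_serials: Set[str] = field(default_factory=set)   # devices already enrolled
    issued_tokens: Dict[str, str] = field(default_factory=dict)  # token -> serial it was issued for
    audit_log: List[str] = field(default_factory=list)


def serial_only_enroll(state: MdmState, req: EnrollmentRequest) -> bool:
    """Weak policy: a serial on the allow-list is enough, even if already enrolled."""
    if req.serial in state.dep_serials:
        state.active_serials.add(req.serial)
        return True
    state.audit_log.append(f"reject unknown serial {req.serial}")
    return False


def issue_token(state: MdmState, serial: str) -> str:
    """Issue a one-time enrollment token; assumed to run only after the user authenticated."""
    token = secrets.token_urlsafe(16)
    state.issued_tokens[token] = serial
    return token


def hardened_enroll(state: MdmState, req: EnrollmentRequest) -> bool:
    """Hardened policy: allow-listed serial AND a matching one-time token AND not already enrolled."""
    if req.serial not in state.dep_serials:
        state.audit_log.append(f"reject unknown serial {req.serial}")
        return False
    if req.serial in state.active_serials:
        # A serial enrolling a second time is the signal to alert on: either the
        # real device re-enrolled without a wipe, or someone is presenting its serial.
        state.audit_log.append(f"ALERT duplicate enrollment attempt for {req.serial}")
        return False
    bound_serial = state.issued_tokens.pop(req.user_token, None) if req.user_token else None
    if bound_serial != req.serial:
        state.audit_log.append(f"reject {req.serial}: missing, consumed or mismatched token")
        return False
    state.active_serials.add(req.serial)
    return True


def run_demo() -> dict:
    """Enroll a device legitimately, then present the same serial again under each policy."""
    allowed = {"C02ABC123DEF", "C02XYZ789GHI"}   # constructed serials

    weak = MdmState(dep_serials=set(allowed))
    weak_first = serial_only_enroll(weak, EnrollmentRequest("C02ABC123DEF"))
    weak_spoof = serial_only_enroll(weak, EnrollmentRequest("C02ABC123DEF"))  # accepted again

    hard = MdmState(dep_serials=set(allowed))
    token = issue_token(hard, "C02ABC123DEF")
    hard_first = hardened_enroll(hard, EnrollmentRequest("C02ABC123DEF", token))
    hard_spoof = hardened_enroll(hard, EnrollmentRequest("C02ABC123DEF"))     # duplicate -> alert
    hard_no_token = hardened_enroll(hard, EnrollmentRequest("C02XYZ789GHI"))  # allow-listed, no token

    return {
        "weak_first": weak_first,
        "weak_spoof": weak_spoof,
        "hard_first": hard_first,
        "hard_spoof": hard_spoof,
        "hard_no_token": hard_no_token,
        "alerts": sum(1 for line in hard.audit_log if line.startswith("ALERT")),
        "audit_log": list(hard.audit_log),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The serial-only policy accepts the second enrollment of `C02ABC123DEF` just as readily as the first, which is the condition the article warns about. The hardened policy rejects it and writes an `ALERT` line, so a duplicate-serial enrollment becomes a detectable event rather than a silent success, and an allow-listed serial with no user-bound token is refused outright.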