SideStepper exploit targets iOS MDM security
- By Amanda Ziadeh
- Mar 31, 2016
Some iOS smartphones enrolled in enterprise mobile device management programs may be vulnerable to attacks that can imitate trusted MDM commands to take over all a device’s controls and infiltrate the network.
The vulnerability is called SideStepper, according to Check Point Software Technologies, which will demonstrate the vulnerability at Black Hat Asia April 1. It gains access into iPhone and iPad credentials through installed MDM solutions that bypass Apple’s newest software security enhancements, according to Check Point.
While Apple protects individual users from malicious downloads with security enhancements in iOS 9 and by vetting the apps available in its app store, the company’s Enterprise Program allows organizations to register internally developed apps with Apple, sign up and pay for an enterprise certificate and publish those applications directly onto iOS devices, Check Point Vice President of Security Solutions Avi Rembaum told GCN.
However, “We’ve also seen that these enterprise apps are indeed becoming ways of writing and distributing malware that then get used on iOS devices,” Rembaum said.
With the updated iOS 9, it is harder for individual users to download malicious apps accidently because they must go through more steps to trust an enterprise developer certificate. Enterprise apps installed via a MDM, however, are exempt from these extra procedures, so an infected device gives attackers a way to stage a man-in-the-middle attack that hijacks communications between managed iOS devices and MDM solutions.
A device can become infected when an attacker sends a phishing link through text or email that installs a malicious configuration profile. Once downloaded, the attacker waits for an MDM server command and replaces it with its own, thereby allowing the attacker to use its server to communicate with devices in the MDM program.
With man-in-the-middle attacks, “MDM becomes a vehicle for attackers to effectively send users malicious apps,” Rembaum said.
SideStepper can affect all the data on the device, including enterprise data. It has the potential to infiltrate the 79 percent of iPhones and iPads using iOS 9 if they are enrolled in MDM programs.
According to Check Point, these malicious apps could take screenshots, record keystrokes, expose login credentials, save and send documents and pictures and manage control sensors of the camera and microphone remotely.
Rembaum said it is hard to detect that a device has been infected, as there are no visual signs, so organizations need to deploy a multilayered security approach to mobile devices the same way that they do on networks. “It’s important to understand that the MDM is not the only required security control to consider,” Rembaum said.
While MDM is a very important part of enterprise mobile security program and iOS 9 in itself has additional security controls, Rembaum recommended a combination of MDM, employee awareness training and implementations of anti-malware attack protections on mobile devices similar to those used on desktops, laptops and networks.
Amanda Ziadeh is a former reporter/producer for GCN.