SecurityWeek

Mobile & Wireless

Attackers Can Install Malware on iOS via MDM Solutions

Researchers have discovered a method that can be used to install malware on iOS devices by abusing the mobile device management (MDM) solutions used by many enterprises.

Security firm Check Point has classified the issue as a vulnerability, which it has dubbed “SideStepper.” While experts believe this is a “possible security flaw” in the iOS 9 operating system, Apple sees it as expected behavior.

Apple allows users to install applications on non-jailbroken iPhones and iPads only from the official App Store, where all apps are verified by the company before being made available for download. In order to allow enterprises to distribute internally-used apps without having to go through the verification process, Apple has created a Developer Enterprise Program. The program allows organizations to install internal apps on employee devices using enterprise certificates signed by Apple.

After seeing that enterprise certificates had been abused for malicious purposes, including by jailbreakers, spyware makers (Hacking Team and FinFisher), and malware creators (WireLurker and YiSpecter), Apple introduced new security features in iOS 9. Starting with iOS 9, users need to go through a process to verify the app developer before the application can be executed. In earlier versions of iOS, such applications could be executed easily: users were only shown a message when they first opened the app, informing them that it came from an unknown developer.

The SideStepper technique, which Check Point researchers will detail at the Black Hat Asia conference on Friday, allows attackers to install potentially malicious apps on iOS devices by abusing MDM solutions.

MDM solutions allow enterprises to easily manage their employees’ mobile devices, including installing apps, deploying security policies, and remotely wiping lost or stolen phones. The problem is that malicious actors can launch man-in-the-middle (MitM) attacks against such products.

According to Check Point, an attacker can conduct an MitM attack by installing a malicious iOS configuration profile that allows them to install a root CA and route traffic through a VPN or proxy to a server they control.

When the MDM solution is used to send a command to an iOS device, the attacker can intercept the command and replace it with a request to install an arbitrary application. The victim will not see any suspicious activity as the MDM app installation process doesn’t require the user’s explicit trust, making it difficult to distinguish legitimate enterprise apps from bogus programs delivered by hackers.
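The interception position described above depends on the victim first accepting a configuration profile that installs a root CA and redirects traffic through a VPN or proxy. The following defender-side checker, added here as an example and not code from Check Point or Apple, parses a `.mobileconfig` profile and flags that combination; the PayloadType strings are Apple's documented values for root certificate, managed VPN and global HTTP proxy payloads, and the sample profile is constructed.

```python
import plistlib
from typing import Any, Dict, List

# Apple configuration-profile payload types (assumed here from Apple's
# profile reference) that together give an interception position:
# a trusted root CA plus a payload that redirects device traffic.
ROOT_CA_PAYLOADS = {"com.apple.security.root"}
REDIRECT_PAYLOADS = {"com.apple.vpn.managed", "com.apple.proxy.http.global"}


def profile_payloads(profile: Dict[str, Any]) -> List[str]:
    """Return the PayloadType of every payload inside a parsed profile."""
    return [p.get("PayloadType", "") for p in profile.get("PayloadContent", [])]


def assess_profile(data: bytes) -> Dict[str, Any]:
    """Parse a .mobileconfig (XML plist) and flag the root-CA + redirect combination."""
    profile = plistlib.loads(data)
    types = profile_payloads(profile)
    has_root_ca = any(t in ROOT_CA_PAYLOADS for t in types)
    has_redirect = any(t in REDIRECT_PAYLOADS for t in types)
    return {
        "identifier": profile.get("PayloadIdentifier", ""),
        "payload_types": types,
        "installs_root_ca": has_root_ca,
        "redirects_traffic": has_redirect,
        # Either payload alone is common in legitimate enterprise profiles;
        # it is the combination that enables TLS interception of MDM traffic.
        "mitm_capable": has_root_ca and has_redirect,
    }


# Constructed sample profile (not a real vendor profile): one root CA payload
# and one global HTTP proxy payload, the shape the article describes.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadIdentifier</key><string>example.profile.constructed</string>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.security.root</string>
      <key>PayloadContent</key><data>AAAA</data>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.proxy.http.global</string>
      <key>ProxyServer</key><string>proxy.example.invalid</string>
    </dict>
  </array>
</dict></plist>"""

if __name__ == "__main__":
    print(assess_profile(SAMPLE_PROFILE))
```

Profiles pushed by a legitimate MDM are usually signed; a check like this is meant for profiles that arrive out of band, where the user is the only gate.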

According to experts, the method can be used to deliver malware that is designed to capture screenshots, log keystrokes, harvest sensitive information, and hijack the camera and microphone.

Check Point has advised enterprises to implement solutions that enable them to assess the risk of malicious enterprise applications on mobile devices, and not to rely on the judgement of end users in BYOD environments.

Related: iOS App Patching Solutions Introduce Security Risks

Related: iOS Malware “AceDeceiver” Exploits Flaw in Apple DRM

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.