Attackers Can Install Malware on iOS via MDM Solutions

Researchers have discovered a method that can be used to install malware on iOS devices by abusing the mobile device management (MDM) solutions used by many enterprises.

Researchers have discovered a method that can be used to install malware on iOS devices by abusing the mobile device management (MDM) solutions used by many enterprises.

Security firm Check Point has classified the issue as a vulnerability, which it has dubbed “SideStepper.” While experts believe this is a “possible security flaw” in the iOS 9 operating system, Apple sees it as expected behavior.

Apple allows users to install applications on non-jailbroken iPhones and iPads only from the official App Store, where all apps are verified by the company before being made available for download. To let enterprises distribute internally used apps without going through that verification process, Apple created the Developer Enterprise Program, which allows organizations to install in-house apps on employee devices using enterprise certificates signed by Apple.

After seeing that enterprise certificates had been abused for malicious purposes, including by jailbreakers, spyware makers (Hacking Team and FinFisher), and malware creators (WireLurker and YiSpecter), Apple introduced new security features in iOS 9. Starting with iOS 9, users must go through a process to explicitly verify the app developer before the application can run. On earlier versions of iOS, such applications ran after the user simply dismissed a one-time message, shown when the app was first opened, informing them that it came from an unknown developer.

The SideStepper technique, which Check Point researchers will detail at the Black Hat Asia conference on Friday, allows attackers to install potentially malicious apps on iOS devices by abusing MDM solutions.

MDM solutions allow enterprises to easily manage their employees’ mobile devices, including to install apps, deploy security policies, and remotely wipe lost or stolen phones. The problem is that malicious actors can launch man-in-the-middle (MitM) attacks against such products.

According to Check Point, an attacker can conduct an MitM attack by installing a malicious iOS configuration profile that allows them to install a root CA and route traffic through a VPN or proxy to a server they control.

When the MDM solution is used to send a command to an iOS device, the attacker can intercept the command and replace it with a request to install an arbitrary application. The victim will not see any suspicious activity as the MDM app installation process doesn’t require the user’s explicit trust, making it difficult to distinguish legitimate enterprise apps from bogus programs delivered by hackers.
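The precondition for the interception described above is a configuration profile that both installs a root CA and redirects device traffic (VPN or global proxy). The following added example, not part of the article or of Check Point's research, shows how a defender can parse a .mobileconfig profile with Python's plistlib and flag that combination before the profile is approved; the sample profiles and their identifiers are constructed for illustration.

```python
import plistlib

# Apple payload types relevant to the SideStepper precondition.
ROOT_CA_PAYLOAD = "com.apple.security.root"          # installs a trusted root certificate
TRAFFIC_REDIRECT_PAYLOADS = {
    "com.apple.vpn.managed",                         # managed VPN configuration
    "com.apple.proxy.http.global",                   # global HTTP proxy
}


def classify_profile(mobileconfig_bytes: bytes) -> dict:
    """Parse a .mobileconfig plist and report whether its payloads together
    give a third party a trusted root CA plus control over the traffic path."""
    profile = plistlib.loads(mobileconfig_bytes)
    types = [p.get("PayloadType") for p in profile.get("PayloadContent", [])]
    installs_root_ca = ROOT_CA_PAYLOAD in types
    redirects_traffic = any(t in TRAFFIC_REDIRECT_PAYLOADS for t in types)
    return {
        "identifier": profile.get("PayloadIdentifier"),
        "payload_types": types,
        "installs_root_ca": installs_root_ca,
        "redirects_traffic": redirects_traffic,
        # Both capabilities together are what allow MDM traffic to be intercepted.
        "mitm_capable": installs_root_ca and redirects_traffic,
    }


# Constructed sample (hypothetical identifiers): root CA plus global proxy.
SUSPICIOUS_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "example.constructed.suspicious",
    "PayloadContent": [
        {"PayloadType": ROOT_CA_PAYLOAD,
         "PayloadIdentifier": "example.constructed.rootca",
         "PayloadContent": b"PLACEHOLDER-DER-CERTIFICATE-BYTES"},
        {"PayloadType": "com.apple.proxy.http.global",
         "PayloadIdentifier": "example.constructed.proxy",
         "ProxyServer": "proxy.invalid", "ProxyServerPort": 8080},
    ],
})

# Constructed benign sample: a single Wi-Fi payload, no CA and no traffic redirection.
BENIGN_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "example.constructed.benign",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed",
         "PayloadIdentifier": "example.constructed.wifi",
         "SSID_STR": "corp-wifi"},
    ],
})

if __name__ == "__main__":
    for blob in (SUSPICIOUS_PROFILE, BENIGN_PROFILE):
        print(classify_profile(blob))
```

A check like this belongs on the profile-approval path (or in an MDM compliance query over installed profiles), since the user-facing installation flow is what the attack relies on being waved through.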

According to experts, the method can be used to deliver malware that is designed to capture screenshots, log keystrokes, harvest sensitive information, and hijack the camera and microphone.

Check Point has advised enterprises to implement solutions that enable them to assess the risk of malicious enterprise applications on mobile devices, and not to rely on the judgement of end users in BYOD environments.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
