A slide from Check Point’s presentation on “SideStepper” showing a malicious server pushing a fraudulent application to an iOS 9 device—all thanks to MDM hacking and Apple enterprise developer certificates. (credit: Check Point Software Technologies Ltd.)

Security researchers at Check Point Software claim to have found a weakness in Apple’s mobile device management (MDM) interface for iOS devices that could be exploited to gain complete access to devices. Dubbed “SideStepper,” the approach could allow an attacker to hijack enterprise management functions and bypass Apple’s application security.

By sending a link to a victim’s device, someone could take control of the MDM software on the phone and push potentially malicious applications to the device as well as perform other configuration changes as a remote administrator. While Apple’s security screening for the applications it allows into its App Store is rigorous, there is a backdoor left in the screening process: enterprise app stores. And new research by Check Point being presented at Black Hat Asia 2016 shows that even with security improvements in iOS 9, attackers can kick that backdoor in by hijacking the enterprise management connection.

As long as they’ve registered with Apple’s enterprise developer program to get a software signing certificate, attackers can social engineer victims into consenting to install applications that expose nearly every aspect of their phone’s settings and data simply by abusing enterprise policy settings.

Read 7 remaining paragraphs | Comments


Weakness in iOS enterprise hooks could let bad apps sneak in