By Catalin Cimpanu
Mobile security experts at Check Point, an international cyber-security vendor based in Tel Aviv, Israel, have discovered a new method of bypassing iOS security protections in order to install malware on the device.
This new attack, nicknamed SideStepper, targets iOS devices used in enterprise environments, usually enrolled in MDM (Mobile Device Management) setups.
MDM solutions are usually installed in large companies that provide iOS devices to their workers, but also need custom apps to interface with their private data servers. Such apps can't be hosted on Apple's App Store, so Apple issues special enterprise certificates which the company then uses to sign these apps.
Attack bypasses recent iOS 9 security measures
The employee then uses a process called app side-loading, which Apple allows, to install iOS apps from non-App Store sources. In the past, malware authors have stolen enterprise certificates and have often used them to sign malicious apps which users would then side-load, fooled by advertising or the promise of features not found on the official App Store.
With the release of iOS 9, Apple has made the process of side-loading apps much harder, requiring much more user interaction.
Check Point experts say they've discovered that iOS users enrolled in an MDM setup can be exploited by attackers to install additional apps, alongside their current enterprise-approved applications.
SideStepper attack is carried out via email, SMS, or IMs
Researchers say that in their tests, they've discovered that they could send a malicious configuration profile (via SMS, IM, or email) to an iOS device already running MDM-approved apps that benefit from an Apple-approved enterprise certificate.
This malicious configuration profile piggybacks on the legitimate enterprise certificate to install malicious apps via a trivial MitM (Man-in-the-Middle) attack.
This method allows an attacker to deliver his malicious app to the device without being hindered by Apple's security measures. The impact of this vulnerability depends on the type of malicious app the attacker wants to push to the device.
More details about the SideStepper attack will be provided tomorrow in a presentation at Black Hat Asia 2016 in Singapore. Check Point's presentation will include a demonstration on a device running iOS 9.2. In the meantime, you can download and read Check Point's SideStepper report.
SideStepper Attack Targets Corporate iOS Devices