Hackers Using iOS MDM Solutions to Distribute Malware
Hackers have been trying to get malware onto iOS devices for quite some time, but with very little luck. However, they didn’t back down and came up with different tools that allowed them to trick users into installing malware. This meant that Apple had to up its game as well, and it did just that by introducing a couple of new steps for app installation in iOS 9. It looked like a foolproof mechanism that would keep hackers at bay, but unfortunately, that has not turned out to be the case, as was made pretty apparent during a presentation at the Black Hat Asia security conference recently.
iOS MDM Protocol Vulnerability Exposed
Researchers from Check Point Software Technologies took the stage and demonstrated that the communication that occurs between iOS and MDM products is not as safe as it is made out to be, stressing that the iOS 9 malware threat is very much a reality. The team went on to explain that the communication can be hijacked and used by hackers to install malware on any non-jailbroken device without needing too much user interaction.
Most commonly, hackers use stolen enterprise development certificates in order to gain access to the App Store. These certificates allow companies to distribute internal apps for iOS devices, but in the wrong hands, they can do a whole lot of damage. When hackers have access to these certificates, they use them to gain access to the App Store and then infect the seemingly harmless apps at will.
In previous versions of iOS, installing an app released with an enterprise certificate required users to open a link where the app was hosted and then agree to trust the developers. The process was put in place to enforce user interaction, but a little bit of social engineering allowed hackers to manipulate the required steps and fool the users.
The Fortress is Breached Yet Again
Apple took note of this threat and introduced some new steps in its latest firmware, which were thought to be a foolproof mechanism that would keep hackers away. However, after the demonstration given at the conference, it’s pretty clear that the way in which MDM products install apps on iOS still requires a lot of work. The communication between MDM and iOS is open to a man-in-the-middle, and hackers can make use of it to introduce malware into users’ devices with ease. Apple thought that this problem was taken care of with the iOS 9 update, but the reality is quite the opposite.
The tech giant really has to step up its game now. Otherwise, it will not be able to uphold its reputation as the safe haven it claims to be.