Novel malware attack used mobile device management

By

Beware of installing additional certificates on devices.

Security researchers have made public a malware campaign that used enterprise mobile device management servers to gain total control of Apple iPhones in order to intercept and steal data from users.

Novel malware attack used mobile device management

Cisco's Talos security division discovered the novel attack which it said was highly targeted, striking only 13 iPhones in India.

The attacker had somehow managed to enroll the iPhones with two open source iOS MDM servers, which provided full control of the devices.

Once the devices were enrolled with the MDM server, a dynamic link library was injected into apps such as WhatsApp and Telegram on the iPhones.

Five malicious applications deployed by the attacker were used to test the functionality of the device, stealing SMS contents, exfiltrating data and sending location information.

The security researchers were not able to ascertain how the attacker had enrolled the devices onto the MDM server, a multi-stage process that requires user interaction to install digital certificates.

Enrollment could be achieved with physical device access, but Talos suspect it took place through social engineering, where users are tricked to accept malicious code being installed on their iPhones and click through prompts.

Installing certificates of unknown provenance could be very dangerous for users, Talos warned.

"By installing a certificate outside of the Apple iOS trusted certificate chain, you may open up to possible third-party attacks like this.

Users must be aware that accepting an MDM certificate is equivalent to allowing someone administrator access to their device and passwords, Talos stressed.

This must be done with great care in order to avoid security issues and should not be something the average home user does," the researchers wrote.

Talso notified Apple which has revoked the five digital certificates used by the attacker, whom the researchers believe is India-based despite using Russian email addresses.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Log In

  |  Forgot your password?