Security researchers at Check Point Software claim to have found a weakness in Apple's mobile device management (MDM) interface for iOS devices that could be exploited to gain complete access to devices. Dubbed "SideStepper," the approach could allow an attacker to hijack enterprise management functions and bypass Apple's application security.

By sending a link to a victim's device, someone could take control of the MDM software on the phone and push potentially malicious applications to the device as well as perform other configuration changes as a remote administrator. While Apple's security screening for the applications it allows into its App Store is rigorous, there is a backdoor left in the screening process: enterprise app stores. And new research by Check Point being presented at Black Hat Asia 2016 shows that even with security improvements in iOS 9, attackers can kick that backdoor in by hijacking the enterprise management connection.

As long as they've registered with Apple's enterprise developer program to get a software signing certificate, attackers can social engineer victims into consenting to install applications that expose nearly every aspect of their phone's settings and data simply by abusing enterprise policy settings.

 

 

 

 

 

 

 

 

 

 

 

ays ago, one of our readers posted a message in the general discussion forum about FIM (File Integrity Management) and, more precisely, which files/directories to monitor. Just a brief introduction for those who are not aware of File Integrity Monitoring: It">">This control is implemented via processes and enforced with tools. Like most of information security tools, its just a dumb tool! The challenge is to configure it in the right way to increase your chances to detect a malicious activity. Available tools are delivered with baselines for standard environments but must be fine tuned to match your own requirements.I think that it">">Basically, they are two types of data that you can">System files -">Data files - Those are the files used by your business">In the second case, its impossible to build a list of">Logging changes on sensitive department shares (HR, accounting, ">The implementation of a FIM has also side effects. A classic issue is patching systems. By replacing system files, patches can generate a huge amount of false positives.">">">">">">">">">">Xavier Mertens
ISC Handler - Freelance Security Consultant
PGP Key (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.