Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

SideStepper Assault Launched for Company iOS Devices


Check Point the security company based in Israel is about to demonstrate at Black Hat Asia Security Conference on 1st April 2016 in Singapore how Apple's iPads and iPhones having active MDM software (mobile-device-management) could encounter online assaults. Just some while ago the Developer Enterprise Program (DEP) of Apple was exploited for thrusting malevolent applications onto iOS gadgets, in particular via YiSpecter, XcodeGhost and WireLurker assaults.

The assaults involve obtaining certificates legitimately within the purview of DEP that enterprises can avail while developing mobile apps as well as distributing them internally among employees devoid of getting them to provide via Apple's App Store. To begin such SideStepper assault, one phishing text is dispatched telling to take down certain app from the Net. Nevertheless, there's a warning that performing the download may endanger the user security-wise. However, as the user may think it is his organization's own app, he may proceed to click. Komando.com posted this, March 31, 2016.

The moment an iOS device gets SideStepper, there's an automatic installation of malicious apps whenever the device user accepts fresh applications supposedly from his organization. Apple substantiated the assault following which it stated that it was clearly a phishing scam which deceptively got the user to load one configuration profile followed with loading an app. It wasn't an iOS flaw. Apple had incorporated protections into iOS that aided in alerting users about probable malicious content similar as the above.

During several months earlier, some malevolent iOS apps of China abused enterprise certificates loadable onto any iPad/iPhone. Although the latest editions of iOS enabled performing less unethical utilization of corporate certificates, according to Check Point's research, a combination of enterprise certificate and MDM software helps in getting around those latest constraints thereby enabling to load malevolent apps onto iOS gadgets having versions to the maximum of 9.2.

The above mentioned configuration profile works to modify the user's configurations making the MDM program on the device connect to some harmful MDM server instead of the actual organization server. The security flaw's effect changes with the kind of malevolent application the attacker targets on the device.

» SPAMfighter News - 4/7/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next