Sunday, 03 April 2016 10:21

iOS malware sidesteps iPhone mobile device management


Even with Apple’s latest security enhancements, vulnerabilities in iOS 9 can expose sensitive personal and business information to cyber criminals.

Check Point, a pure-play security vendor, has released information at the Black Hat Asia 2016 conference on SideStepper, a vulnerability that can be used to install malicious enterprise apps on iPhone and iPad devices running iOS 9.x that are enrolled with a mobile device management (MDM) solution.

SideStepper (free whitepaper – registration required) allows enterprise apps to be installed using an MDM certificate that is exempt from iOS 9.x security enhancements. It allows a cybercriminal to imitate trusted MDM commands including the over-the-air installation of apps signed with enterprise developer certificates.

This exemption allows an attacker to side-step Apple’s solution meant to thwart installation of malicious enterprise apps.

How do iPhone and iPad devices become exposed?

The cybercriminal uses a phishing attack to convince a user to install a malicious configuration profile. This simple and often effective attack method uses familiar messaging platforms like SMS, instant messaging, or email to trick users into following a malicious link.

Once installed, this malicious profile allows an attacker to stage a Man-in-the-Middle (MitM) attack on the communication between the device and an MDM solution. The attacker can then hijack and imitate MDM commands that iOS trusts, including the ability to install enterprise apps over-the-air.
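As an added example (not from the article or from Check Point's research), a defender can triage a configuration profile before it is installed by listing the payloads that change certificate trust or traffic routing, the capabilities a man-in-the-middle position depends on. Which payload types to flag is an assumption, and the sample profile is constructed.

```python
import plistlib

# Payload types that change whom the device trusts or where its traffic goes.
# Treating these as the ones to flag is an assumption, not from the article.
RISKY_PAYLOADS = {
    "com.apple.security.root": "installs a trusted root CA certificate",
    "com.apple.security.pkcs1": "installs a certificate",
    "com.apple.proxy.http.global": "routes HTTP traffic through a proxy",
    "com.apple.vpn.managed": "routes traffic through a VPN",
    "com.apple.mdm": "enrolls the device with an MDM server",
}

def extract_plist(data):
    """Parse a profile; a signed profile wraps the XML plist in a CMS envelope."""
    start, end = data.find(b"<?xml"), data.rfind(b"</plist>")
    if start != -1 and end != -1:
        data = data[start:end + len(b"</plist>")]
    return plistlib.loads(data)

def audit_profile(data):
    """Return (payload type, reason) for every payload worth a second look."""
    profile = extract_plist(data)
    findings = []
    if "EncryptedPayloadContent" in profile:
        findings.append(("(encrypted)", "payloads cannot be inspected before install"))
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype in RISKY_PAYLOADS:
            findings.append((ptype, RISKY_PAYLOADS[ptype]))
        elif ptype == "com.apple.wifi.managed" and payload.get("ProxyType", "None") != "None":
            findings.append((ptype, "Wi-Fi network with a proxy configured"))
    return findings

# Constructed sample: a profile adding a root CA, a VPN and a proxied Wi-Fi
# network, wrapped in dummy bytes that stand in for a signed envelope.
SAMPLE = b"\x30\x82\x01\x00" + plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Corporate Wi-Fi Update",
    "PayloadContent": [
        {"PayloadType": "com.apple.security.root", "PayloadContent": b"\x00"},
        {"PayloadType": "com.apple.vpn.managed", "VPNType": "IKEv2"},
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "guest", "ProxyType": "Manual"},
        {"PayloadType": "com.apple.webClip.managed", "URL": "https://example.com"},
    ],
}) + b"\x00\x00"

if __name__ == "__main__":
    for ptype, reason in audit_profile(SAMPLE):
        print(f"{ptype}: {reason}")
```

A finding is a prompt for review, not a verdict: legitimate MDM enrollment profiles carry several of these payloads too, so the question is whether the profile came from the organisation's own MDM.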

What iOS devices are at risk?

The vulnerability potentially impacts millions of devices: any iPhone or iPad with an installed MDM solution.

How would I know if my iPhone/iPad is under attack?

Apple does not allow third-party providers of advanced mobile threat detection and mitigation access to iOS, so there is little chance a user would suspect any malicious behaviour had taken place.

On a managed iOS device, commands from an MDM are trusted, and because these commands appear to the user as coming from the MDM that already manages the device, the entire process seems authentic.

What is the risk if the vulnerability is exploited?

An attacker could use a number of MDM commands to exploit the vulnerability, with effects ranging from nuisances to data exfiltration. Attackers can install malicious apps that include a broad range of functionality.

Since iOS trusts these apps, and because the installation process is familiar to the user, infection is seamless and immediate. This vulnerability puts the user, the security of sensitive information on the device, and voice conversations in proximity to the device at significant risk. Malicious apps can be designed to:

  • Capture screenshots, including screenshots captured inside secure containers
  • Record keystrokes, exposing login credentials of personal and business apps and sites to theft
  • Save and send sensitive information like documents and pictures to an attacker's remote server
  • Control sensors like the camera and microphone remotely, allowing an attacker to view and capture sounds and images



Ray Shaw


Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!
