Security researchers from the Check Point firm have devised a method to install a malicious code on iOS devices by abusing the mobile device management (MDM) solutions used by many enterprises.
The technique relies on a vulnerability dubbed by the experts SideStepper, but that Apple considers it as a normal behavior.
“SideStepper is a vulnerability that allows an attacker to circumvent security enhancements in iOS 9 meant to protect users from installing malicious enterprise apps. These enhancements require the user to take several steps in device settings to trust an enterprise developer certificate, making it harder to install a malicious app accidentally.” state the blog post published by Check Point.
Apple allows enterprises to distribute internally-used apps through a Developer Enterprise Program instead passing through the App Store. In order to install the apps, enterprises need to use certificates signed by Apple.
The program allows organizations to install internal apps on employee devices using enterprise certificates signed by Apple.
However, hackers have abused in several circumstances of digital certificates so Apple introduced new security enhancements in iOS 9.
“These enhancements require the user to take several steps in device settings to trust an enterprise developer certificate, making it harder to install a malicious app accidentally.” States the CheckPoint firm.
MDM solutions are used by enterprises to easily manage mobile devices used by employees. MDM allows the easy management of any aspect of the mobile devices, including installing apps, deployment of security policies, and remotely wipe phones.
Experts at CheckPoint firm highlighted that threat actors can launch a man-in-the-middle (MitM) attack against the MDM solution to allow the installation of malicious enterprise apps over-the-air, this is possible because Apple gives apps installed using MDMs the possibility to bypass security measures.
Malicious MDM-distributed apps can be abused by using the following process:
Basically, the attackers could intercept the command sent by the MDM to the devices and replace it with a request to install a malicious app. The operation doesn’t need user’s interaction making hard to discover the attack.
The SideStepper technique could be used to infect Apple devices and control them with a malicious code.
CheckPoint suggests enterprises to carefully assess the risk of malicious applications on mobile devices.
Experts from CheckPoint will present the SideStepper method at the Black Hat Asia conference Today.
Security Affairs – (SideStepper, Apple iOS)