Check Point Software Technologies has discovered a serious vulnerability in the operating system iOS. Security breach “SideStepper” can be used to install malicious apps on iPhone and iPad-connected solutions to mobile device management (MDM). On it informs CNews referring to Check Point.
Team Check Point for research on mobile threats have presented details about this vulnerability at the Black Hat Asia conference in Singapore, 2016. SideStepper allows hackers to bypass the security enhancements in iOS 9 designed to protect users from installing malware enterprise applications. These improvements require the user to load applications manually to confirm that he trusts the developer certificate.
However, enterprise apps that are installed using MDM, do not need manual approval of the user. The intruders install malicious configuration on the device by means of phishing. They then use the attack Man-in-the-Middle (MitM), which allows you to intercept and spoof commands to the MDM iOS device, including to quietly install malicious applications. As a result, in the hands of the hackers might be any critical corporate information, said the company.
The vulnerability potentially dangerous for millions of iPhone and iPad devices that are connected to MDM. Attackers can upload malicious apps that will allow you to: capture screenshots including screenshots of the work in protected containers; to capture data entered from the keyboard (logon credentials to applications and private offices), to send important information to the remote server; remotely control the camera and microphone, to get any images and recordings from infected devices.
According to representatives of Check Point, without advanced solutions to detect mobile malware, the user will most likely not be able to track suspicious activity on your device. To protect against vulnerabilities in the company SideStepper is recommended to use enterprise solutions for mobile security and carefully check all downloads apps on their legitimacy.
