Sunday, 03 April 2016 10:21

iOS malware sidesteps iPhone mobile device management


Even with Apple’s latest security enhancements, vulnerabilities in iOS 9 can expose sensitive personal and business information to cyber criminals.

Check Point, a pure-play security vendor, has released information to the Black Hat Asia 2016 conference on SideStepper, a vulnerability that can be used to install malicious enterprise apps on iPhone and iPad iOS 9.x devices enrolled with a mobile device management (MDM) solution.

SideStepper (free whitepaper – registration required) allows enterprise apps to be installed using an MDM certificate that is exempt from iOS 9.x security enhancements. It allows a cybercriminal to imitate trusted MDM commands including the over-the-air installation of apps signed with enterprise developer certificates.

This exemption allows an attacker to side-step Apple’s solution meant to thwart installation of malicious enterprise apps.

How do iPhone and iPad devices become exposed?

The cybercriminal uses a phishing attack to convince a user to install a malicious configuration profile. This simple and often effective attack method uses familiar messaging platforms like SMS, instant messaging, or email to trick users into following a malicious link.

Once installed, this malicious profile allows an attacker to stage a Man-in-the-Middle (MitM) attack on the communication between the device and an MDM solution. The attacker can then hijack and imitate MDM commands that iOS trusts, including the ability to install enterprise apps over-the-air.

What iOS devices are at risk?

The vulnerability potentially impacts millions of devices: any iPhone or iPad with an installed MDM solution.

How would I know if my iPhone/iPad is under attack?

Apple does not allow third-party providers of advanced mobile threat detection and mitigation to access iOS, so there is little chance a user would suspect any malicious behaviour had taken place.

On a managed iOS device, commands from an MDM are trusted, and because these commands appear to the user as coming from the MDM that already manages the device, the entire process seems authentic.

What is the risk if the vulnerability is exploited?

An attacker could use some MDM commands to exploit the vulnerability, with effects ranging from nuisances to data exfiltration. Attackers can install malicious apps that include a broad range of functionality.

Since iOS trusts these apps, and because the installation process is familiar to the user, infection is seamless and immediate. This vulnerability puts the user, the security of sensitive information on the device, and voice conversations in proximity to the device at significant risk. Malicious apps can be designed to:

  • Capture screenshots, including screenshots captured inside secure containers
  • Record keystrokes, exposing login credentials of personal and business apps and sites to theft
  • Save and send sensitive information like documents and pictures to an attacker's remote server
  • Control sensors like the camera and microphone remotely, allowing an attacker to view and capture sounds and images


Ray Shaw


Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!
