A vulnerability in Apple DEP allows hackers to access corporate resources
Researchers from Duo Security have discovered a flaw in Apple's dedicated service for enrolling the manufacturer's devices with a corporate MDM server. A vulnerability in the software interface, the Device Enrollment Program (DEP), allows attackers to connect a device of their own to the organization's IT support resources.
Because of this, cybercriminals can compromise the entire network and obtain company e-mail addresses and phone numbers to use in subsequent attacks.
MDM technology allows a corporation to install the necessary software on new devices, as well as to push updates or change the configuration of equipment connected to the corporate network. Every computer or mobile phone is registered with a dedicated server via DEP.
“When registering with the MDM server, the primary identifier is the serial number of the device. The protocol allows pre-authentication of the user, but does not require it in order to include the new equipment in the support pool. Thus, by finding out the unique number of a mobile phone or computer, which can often be found on the Internet, attackers are able to join the corporate update service. This may be a starting point for attacking the internal resources of the company,” explained experts from Duo Security.
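To make the point in the quote concrete, here is a toy model of an MDM enrollment endpoint written for this article (it is not Duo Security's or Apple's code and does not implement the real DEP protocol). It contrasts a policy that treats a known serial number as sufficient proof of identity with one that also demands a user pre-authentication token bound to that serial, and it flags a second enrollment of a serial already under management as a signal to alert on. All serial numbers, usernames, the identity-provider secret and the re-enrollment heuristic are assumptions constructed for the demonstration.

```python
# Added example (not Duo Security's or Apple's code): a toy MDM enrollment
# endpoint contrasting serial-number-only enrollment with a policy that also
# requires user pre-authentication. Serials, users, secret and the
# re-enrollment alert heuristic are constructed for this demonstration.
import hmac
import hashlib
from dataclasses import dataclass, field
from typing import Optional, List, Set

# Constructed inventory: serials the organization pre-registered for DEP.
KNOWN_SERIALS = {"C02EXAMPLE0001", "C02EXAMPLE0002"}

# Constructed shared secret of a hypothetical identity provider that signs
# pre-authentication tokens. A real deployment would use its IdP's tokens.
_IDP_SECRET = b"constructed-demo-secret"


def issue_user_token(username: str, serial: str) -> str:
    """Hypothetical IdP: mint a token binding an authenticated user to one serial."""
    msg = f"{username}:{serial}".encode()
    return hmac.new(_IDP_SECRET, msg, hashlib.sha256).hexdigest()


@dataclass
class EnrollmentRequest:
    serial: str
    username: Optional[str] = None
    user_token: Optional[str] = None


@dataclass
class MdmServer:
    require_user_auth: bool
    enrolled: Set[str] = field(default_factory=set)
    audit_log: List[str] = field(default_factory=list)

    def enroll(self, req: EnrollmentRequest) -> bool:
        """Return True if the device is admitted to the management pool."""
        if req.serial not in KNOWN_SERIALS:
            self.audit_log.append(f"REJECT unknown serial {req.serial}")
            return False
        if req.serial in self.enrolled:
            # A second enrollment of a serial already under management is the
            # signal a defender should alert on, whichever policy is in force.
            self.audit_log.append(f"ALERT re-enrollment attempt for {req.serial}")
        if self.require_user_auth:
            if not (req.username and req.user_token):
                self.audit_log.append(f"REJECT {req.serial}: no user pre-authentication")
                return False
            expected = issue_user_token(req.username, req.serial)
            if not hmac.compare_digest(expected, req.user_token):
                self.audit_log.append(f"REJECT {req.serial}: bad token for {req.username}")
                return False
        self.enrolled.add(req.serial)
        self.audit_log.append(f"ENROLL {req.serial} user={req.username}")
        return True


def demo():
    """Run the same two constructed requests against both policies."""
    weak = MdmServer(require_user_auth=False)
    hardened = MdmServer(require_user_auth=True)
    # Legitimate employee enrolling with a token issued for her device's serial.
    legit = EnrollmentRequest("C02EXAMPLE0001", "alice",
                              issue_user_token("alice", "C02EXAMPLE0001"))
    # A request that carries nothing but the serial number.
    serial_only = EnrollmentRequest("C02EXAMPLE0001")
    results = {
        "weak_legit": weak.enroll(legit),
        "weak_serial_only": weak.enroll(serial_only),
        "hardened_legit": hardened.enroll(legit),
        "hardened_serial_only": hardened.enroll(serial_only),
    }
    return results, weak.audit_log, hardened.audit_log


if __name__ == "__main__":
    res, weak_log, hard_log = demo()
    print(res)
    print("\n".join(weak_log + hard_log))
```

Under the serial-only policy the second request is admitted just like the legitimate one; under the hardened policy it is refused, and in both cases the audit log records the re-enrollment attempt, which is the event worth alerting on while a fix is pending.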
It is worth noting that in May of this year, Duo Security's experts notified Apple of the flaw they had discovered, but the company did not eliminate the vulnerability. The experts also prepared a number of recommendations to reduce the risk of the bug being exploited.
Apple already fixed bugs in the DEP algorithms for macOS in July 2018. At that time, the setup procedure for a new computer was vulnerable to a man-in-the-middle attack, and by manipulating the address of the XML manifest, cybercriminals were able to install software on the computer.