Mobile Device Management (MDM) software makes it possible to manage corporate mobile devices remotely. Who by installing an application receives an application MDM software should however at a critical look at this request, first check whether the request actually came from the IT department before proceeding to installation. Cybercriminals seem MDM software namely also exploit to install malware on mobile devices.
The attack is described by the security company Check Point Software Technologies. Employees are using mobile devices to access all kinds of (sensitive) business data. It is therefore important that these devices are well-managed and are safe. Companies can do this using MDM solutions that can be remotely managed enterprise mobile devices. Who MDM solutions, it is possible to delete mobile devices remotely, lock, new apps to install or to provide updates.
Evil configuration file
MDM software therefore intended to secure the business use of mobile devices. However, the software appears to be able to be exploited by cybercriminals. If they succeed users to install a malicious configuration file on their mobile device, they can install via MDM software from malicious apps on the device. An employee may be tempted to install such a malicious configuration profile via a phishing email, in which an attacker example occurs when an IT administrator and asks to install a new configuration file on the device.
Once this configuration file is installed attackers can abuse the possibility apps over-the-air to send to devices. This allows the application will appear on the mobile device for workers to install a particular app. Once the request is accepted, the application is automatically installed without IT administrators having to take physical hands the device. Using attackers can mimic MDM software malicious configuration file and an installation request for a malicious app send to mobile devices.
Look critically at installation requests
Check Point recommends business users of mobile devices that are equipped with MDM software is always a critical look at installation requests. If doubts about the legitimacy of an application, users can request confirmation by the IT department.
No comments:
Post a Comment