Check Point Releases SideStepper Vulnerability Details


WHAT IS SIDESTEPPER?
SideStepper is a vulnerability that allows an attacker to circumvent security enhancements in iOS 9 meant to protect users from installing malicious enterprise apps. These enhancements require the user to take several steps in device settings to trust an enterprise developer certificate, thereby making it harder to install a malicious app accidentally.

However, enterprise apps installed using an MDM are exempt from these new security enhancements. An attacker can hijack and imitate trusted MDM commands on an iOS device, including over-the-air installation of apps signed with enterprise developer certificates.

This exemption allows an attacker to side-step Apple’s solution meant to thwart installation of malicious enterprise apps.

HOW DO iPHONE AND iPAD DEVICES BECOME EXPOSED?
First, an attacker convinces a user to install a malicious configuration profile on a device by using a phishing attack. This simple and often effective attack method uses familiar messaging platforms like SMS, instant messaging, or email to trick users into following a malicious link.

Once installed, this malicious profile allows an attacker to stage a Man-in-the-Middle (MitM) attack on the communication between the device and an MDM solution. The attacker can then hijack and imitate MDM commands that iOS trusts, including the ability to install enterprise apps over-the-air.
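A defender-side check for the profile described above, as an added example that is not from Check Point's report: it lists the payloads in a `.mobileconfig` file that can place a third party in the device's traffic path. The payload types are Apple's own identifiers, but the page does not say which ones a SideStepper profile carries, so that mapping is an assumption; the sample profile is constructed.

```python
import plistlib

# Payload types that can put a third party in the device's traffic path.
# Assumption: the page does not name the payloads a SideStepper profile
# uses; these are the general interception-capable types.
MITM_CAPABLE = {
    "com.apple.security.root": "installs a trusted root CA",
    "com.apple.proxy.http.global": "routes HTTP(S) through a global proxy",
    "com.apple.vpn.managed": "routes traffic through a VPN",
}

def extract_plist(raw: bytes) -> dict:
    """Load a profile. Best effort for signed profiles, which usually
    embed the XML plist verbatim inside a CMS envelope."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML plist found (encrypted or malformed profile)")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def audit_profile(raw: bytes) -> list[str]:
    """Return one finding per payload that enables traffic interception."""
    findings = []
    for payload in extract_plist(raw).get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype in MITM_CAPABLE:
            name = payload.get("PayloadDisplayName", "<unnamed>")
            findings.append(f"{ptype} ({name}): {MITM_CAPABLE[ptype]}")
    return findings

# Constructed sample profile: names and values are illustrative only.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Corporate Wi-Fi Update",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed", "PayloadDisplayName": "Wi-Fi"},
        {"PayloadType": "com.apple.security.root", "PayloadDisplayName": "Example CA",
         "PayloadContent": b"constructed-not-a-real-certificate"},
        {"PayloadType": "com.apple.proxy.http.global", "PayloadDisplayName": "Proxy",
         "ProxyServer": "proxy.example.invalid", "ProxyServerPort": 8080},
    ],
})

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE):
        print("REVIEW:", finding)
```

A profile that yields findings is not necessarily malicious, since legitimate enterprise profiles also install root CAs and proxies; the output is a list of payloads to verify against what the organisation's MDM is expected to push.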

WHAT iOS DEVICES ARE AT RISK?
The vulnerability potentially impacts millions of iPhone or iPad devices enrolled with an MDM solution. The Check Point mobile research team will demonstrate this vulnerability at Black Hat Asia 2016 using an iPhone running iOS 9.2.

HOW WOULD I KNOW IF MY iPHONE or iPAD IS UNDER ATTACK?
Without an advanced mobile threat detection and mitigation solution on the iOS device, there is little chance a user would suspect any malicious behaviour had taken place. On a managed iOS device, commands from an MDM are trusted, and because these commands appear to the user as coming from the MDM that already manages the device, the entire process seems authentic.

WHAT IS THE RISK IF THE VULNERABILITY IS EXPLOITED?
An attacker could use a number of MDM commands to exploit the vulnerability, with effects ranging from nuisances to data exfiltration. The research team will demonstrate at Black Hat Asia how an attacker can install malicious apps that may include a broad range of functionality.

Since iOS trusts these apps, and because the installation process is familiar to the user, infection is seamless and immediate. This vulnerability puts the user, the security of sensitive information on the device, and voice conversations in proximity to the device at significant risk. Malicious apps can be designed to:

  • Capture screenshots, including screenshots captured inside secure containers
  • Record keystrokes, exposing login credentials of personal and business apps and sites to theft
  • Save and send sensitive information like documents and pictures to an attacker’s remote server
  • Control sensors like the camera and microphone remotely, allowing an attacker to view and capture sounds and images

HOW CAN I PROTECT MYSELF FROM THIS VULNERABILITY?
Check Point recommends taking several steps to mitigate the risk:

WHERE CAN I LEARN MORE ABOUT SIDESTEPPER?
The Check Point mobile threat research team has compiled a report that includes a detailed analysis of how attackers can exploit the SideStepper vulnerability on iOS devices. Click here <http://www.checkpoint.com/resources/sidestepper-ios-vulnerability/index.html?utm_source=blog&utm_medium=blog&utm_campaign=iossidestepper&source=blog> to download the report.

Click HERE to view a whitepaper.
