Researchers from security firm CheckPoint presented at the Black Hat Asia 2016 conference a new exploit to attack iOS 9 devices that are enrolled in a business scale management system.
The enterprise devices are vulnerable from using past methods that relied on rogue enterprise developer certificates to infect iPhones and iPads with malware.
Enterprise certificates are offered by Apple to businesses to allow them to distribute apps to their managed devices, even if the apps are not included in the App Store. This allows companies to install apps into iPhones and iPads without the apps having to go through Apple's rigorous app review process.
However, it can be remembered that these certificates have been abused in the past. Before Apple launched iOS 9, users only had to tap a "Trust" option once to install an enterprise app that was not trusted by the App Store. Because users have the tendency of ignoring security warnings, criminals have been able to use the exploit to infect devices with malware.
One of the recent examples of malware taking advantage of the vulnerability is the YiSpecter, which downloads apps without users knowing and exposes them to unwanted full-screen ads, among other annoyances.
With the release of iOS 9, Apple looked to solve the problem by requiring multiple steps in trusting enterprise apps. However, CheckPoint pointed out that Apple designed the mobile operating system to trust apps that were installed by a mobile device management system.
Through such systems, enterprise devices can be centrally administered. The weak point here is that communications between the system and the enterprise devices are vulnerable to man-in-the-middle attacks.
Attackers could trick targets to install a malicious configuration profile, which can then be used to hijack communications between the mobile device management system and the device. Attackers could then launch commands that are imitated from the mobile device management system's own commands to install malware into the device.
There is an assumption that users with enterprise devices enrolled under a mobile device management system would be more vigilant against such exploits. However, a case study by CheckPoint revealed that in 5,000 iOS devices owned by a Fortune 100 company, there were 116 enterprise certificates installed, with 11 of them belonging to developers that were not trustworthy because they had little to no information on their reputation.
The exploit, which CheckPoint has named the SideStepper, was reported by the firm to Apple in October 2015.
