Apple's solution for mobile device management seems like an airtight process. Enterprise customers buy devices from registered retailers, these are automatically registered in Apple Business Manager which in turn integrates seamlessly with the customer's choice of MDM platform. A company can have devices set up and shipped to remote employees without ever touching them. With many seemingly airtight systems, the devil is in the details. How do all these systems fit together? How do they authenticate each other? And most importantly who is responsible for security? This talk will focus on the gaps between the systems and how an attacker can leverage those to compromise enterprise customers. We will reverse engineer the enrolment process in MacOS, bypass security controls, build rogue machines and look at a series of common misconfigurations that when combined can have devastating outcomes. We will see how the black box of the Apple MDM process can be opened up and can contain some surprising loot. By: Marcell Molnár | Lead Offensive Security Engineer, Form3 Magdalena Oczadły | Senior Offensive Security Engineer Full Abstract and Presentation Materials Available: https://ift.tt/PpI3ewL
source https://www.youtube.com/watch?v=qFxBneMlYZQ
-
Germany recalled its ambassador to Russia for a week of consultations in Berlin following an alleged hacker attack on Chancellor Olaf Scho...
-
Android’s May 2024 security update patches 38 vulnerabilities, including a critical bug in the System component. The post Android Update ...
No comments:
Post a Comment