Apple's solution for mobile device management seems like an airtight process. Enterprise customers buy devices from registered retailers, these are automatically registered in Apple Business Manager which in turn integrates seamlessly with the customer's choice of MDM platform. A company can have devices set up and shipped to remote employees without ever touching them. With many seemingly airtight systems, the devil is in the details. How do all these systems fit together? How do they authenticate each other? And most importantly who is responsible for security? This talk will focus on the gaps between the systems and how an attacker can leverage those to compromise enterprise customers. We will reverse engineer the enrolment process in MacOS, bypass security controls, build rogue machines and look at a series of common misconfigurations that when combined can have devastating outcomes. We will see how the black box of the Apple MDM process can be opened up and can contain some surprising loot. By: Marcell Molnár | Lead Offensive Security Engineer, Form3 Magdalena Oczadły | Senior Offensive Security Engineer Full Abstract and Presentation Materials Available: https://ift.tt/PpI3ewL
source https://www.youtube.com/watch?v=qFxBneMlYZQ
Subscribe to:
Post Comments (Atom)
-
WeChat, with over 1.2 billion monthly active users, stands as the most popular messaging and social media platform in China and third global...
-
Unmasking State-Sponsored Mobile Surveillance Malware from Russia, China, and North Korea – Threat Actors, Tactics, and Defense Strategies S...
No comments:
Post a Comment