MDM Hack Targeted 13 iPhones With Malicious Apps


A highly targeted attack carried out through MDM (mobile device management) software installed malicious apps onto 13 iPhones. Cisco’s Talos Intelligence Group discovered the MDM hack.


MDM Hack

The attack appears to have been based in India, and involved the attackers getting 13 iPhones enrolled with rogue MDM servers. Those servers then pushed out malicious apps that let the attackers track the location of the phones and read SMS messages.

MDM hack flowchart. Image credit: Talos

The attackers used the “BOptions” sideloading technique to insert malicious code into modified versions of apps such as WhatsApp and Telegram. Talos researchers Warren Mercer, Paul Rascagneres, and Andrew Williams wrote in a blog post:

The malicious code inserted into these apps is capable of collecting and exfiltrating information from the device, such as the phone number, serial number, location, contacts, user’s photos, SMS, and Telegram and WhatsApp chat messages. Such information can be used to manipulate a victim or even used for blackmail or bribery.

Two servers identified were:

  • hxxp://ios-certificate-update[.]com
  • hxxp://www[.]wpitcher[.]com
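The two servers above are published defanged (“hxxp”, “[.]”) so they cannot be clicked by accident. The following added example, which is not part of the original article or of the Talos report, shows the defender's side: refanging those indicators, reducing them to domains, and running them over DNS and proxy log lines to flag any client that resolved or contacted them. The log lines are constructed samples, the timestamps and client addresses are invented, and dropping a leading “www.” so that sibling hosts under the same domain are also flagged is an analyst choice made here, not something the article states.

```python
import re

# The two rogue-MDM servers named in the Talos report, copied as published
# (defanged with "hxxp" and "[.]" so the values are not live links).
DEFANGED_IOCS = [
    "hxxp://ios-certificate-update[.]com",
    "hxxp://www[.]wpitcher[.]com",
]

# Constructed sample log lines (not from the article): DNS-style and
# proxy-style records, one benign request and one deliberate near-miss
# ("notios-certificate-update.com") that naive substring matching would flag.
SAMPLE_LOG = [
    "2018-07-12T10:00:01Z dns query A ios-certificate-update.com client=10.0.0.5",
    "2018-07-12T10:00:09Z proxy 10.0.0.7 GET http://www.wpitcher.com/mdm/checkin 200",
    "2018-07-12T10:00:12Z proxy 10.0.0.9 GET https://updates.example.com/ios 200",
    "2018-07-12T10:00:15Z dns query A notios-certificate-update.com client=10.0.0.5",
    "2018-07-12T10:00:20Z dns query A mdm.wpitcher.com client=10.0.0.11",
]

# Anything that looks like a hostname, with or without an http(s):// scheme.
# Plain IPv4 addresses do not match because the last label must be letters.
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9][a-z0-9.-]*\.[a-z]{2,})", re.I)


def refang(indicator):
    """Undo the usual report defanging so the value can be compared to logs."""
    s = indicator.strip()
    if s.lower().startswith("hxxp"):
        s = "http" + s[4:]
    return s.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def ioc_domains(indicators=DEFANGED_IOCS):
    """Reduce each indicator to a lowercase domain to match on.

    A leading "www." is dropped (analyst choice) so that other hosts under
    the same domain, e.g. mdm.wpitcher.com, are flagged as well.
    """
    domains = set()
    for ioc in indicators:
        host = re.sub(r"^https?://", "", refang(ioc)).split("/")[0].lower()
        if host.startswith("www."):
            host = host[4:]
        domains.add(host)
    return domains


def host_matches(host, domains):
    """Return the IoC domain that host equals or is a subdomain of, else None.

    Requiring either equality or a "." boundary is what keeps
    notios-certificate-update.com from matching ios-certificate-update.com.
    """
    host = host.lower().rstrip(".")
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None


def scan_lines(lines, indicators=DEFANGED_IOCS):
    """Return (line_index, host, matched_domain) for every IoC hit."""
    domains = ioc_domains(indicators)
    hits = []
    for i, line in enumerate(lines):
        for host in HOST_RE.findall(line):
            d = host_matches(host, domains)
            if d:
                hits.append((i, host.lower(), d))
    return hits


if __name__ == "__main__":
    for i, host, d in scan_lines(SAMPLE_LOG):
        print("line {}: {} matched IoC domain {}".format(i, host, d))
```

On the constructed sample, lines 0, 1 and 4 are flagged and the benign request and the near-miss are not. In practice the same scan would be pointed at exported DNS resolver or proxy logs, and any client that appears in the hits is a candidate for checking which MDM profile is installed on the device.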

MDM software lets an administrator manage a fleet of iOS devices: install or remove apps, install or revoke certificates, lock devices, change password requirements, and so on. Once a phone is enrolled with a rogue MDM server, the attacker holds those same powers over it. The servers were registered with mail.ru addresses.


Lee Dronick

Okay, is there any threat from this to the average iPhone user?