We've talked here a few times about the Device Enrollment Program (DEP). Apple's program for companies that buy Macs wholesale allows these computers to be set up automatically as soon as they first connect to a Wi-Fi network. Apple's servers simply check the machine's serial number and automatically apply the settings selected by the company, while installing all required applications.
This entire process, as well as the subsequent remote maintenance of these Macs, is made possible through the Mobile Device Management (MDM) server, which the company in question maintains to administer the computers delivered to its employees. But according to research by Duo Research, this program may have a very important security hole.
Researchers have found that hackers can obtain a valid serial number to gain access to MDM and thus access various sensitive company and employee data such as emails, phones, addresses or even VPN access data (which, in theory, would even allow attackers to change properties of these networks and affect the operation of entire companies).
The problem starts with the fact that Apple offers the option to authenticate MDM with a custom username and password, but some companies choose to skip this security feature. In that case, a valid serial number alone is enough to pass as a DEP-registered machine and gain access to all the data listed above.
To obtain a valid serial number, several methods can be used: hackers can impersonate employees of the company's IT area and get the number directly from an employee, for example, or even create a number generator. These codes are generated sequentially and, by getting some of them, it is possible to work out a pattern that gives attackers a range of possibilities to simulate ownership of a Mac enrolled in the program.
Of course, we are still not talking about an easy attack: hackers would need the serial number of a Mac that is already registered in the program but not yet activated, because once the Mac is activated in MDM, its code is no longer valid. Still, it is a risk that companies must take into account when choosing the Apple program.
The researchers told Apple about the problem last May, but Apple did not say whether it was doing anything about it. In a statement to Forbes, the company stated that the vulnerability is not in its products and that it is recommended that companies use all available authentication methods to enforce their security. Still, it would be nice of Cupertino to do something about this, like making login and password authentication mandatory, for example.
We'll see if Apple's stance stays that way or if Apple does something to fix the vulnerability.
via Cult of Mac