Thirteen iPhone users in India fell victim to malware attacks that exploited open source mobile device management (MDM) software to break into corporate devices.
In July 2018, security researchers from Cisco’s Talos security division discovered a campaign that has been running since 2015, using at least five applications. Two of these apps conducted phony tests on the devices, while others sent SMS messages back to the attackers and extracted location data and other information.
Why MDM Deployments May Be at Risk
The attackers were able to change passwords, revoke certificates and replace apps like WhatsApp and Telegram with malicious versions either by gaining physical access to the iPhones or by using social-engineering tactics.
These attacks come at a time when large enterprises are working harder than ever to provide a safe way for employees to access corporate networks via their mobile devices. Most organizations use MDM tools to do just that, but the threat actors behind the malware attacks exploited these systems to trick users into accepting malicious certificates.
Similar to opening a phishing email, this essentially gave remote management access to the attackers. While the researchers reported no immediate financial repercussions, they noted that switching out various mobile apps would enable cybercriminals to gather priority data from users or their employer.
Establish Security Policies to Limit Malware Attacks
While some data may be stored locally on a mobile device, IBM Security experts emphasize that security professionals can limit the impact of these malware attacks by establishing strong security policies to lock down access to the corporate network. According to a January 2018 IBM white paper, such policies could include setting up specific windows of availability for certain applications and data, as well as a passcode to protect the MDM app itself.