Fidest – Press agency

Daily news – Year 36, no. 124

Posts Tagged ‘sidestepper’

SideStepper: Bypassing the iOS Gatekeeper to Attack iPhone and iPad Devices

Posted by fidest press agency on Friday, 1 April 2016

Check Point will disclose details about SideStepper, a vulnerability that can be used to install malicious enterprise apps on iPhone and iPad devices enrolled with a mobile device management (MDM) solution. The Check Point mobile research team will present details about this vulnerability at Black Hat Asia 2016 in Singapore on April 1, 2016 at 10:15AM local time.
What is SideStepper?
SideStepper is a vulnerability that allows an attacker to circumvent security enhancements in iOS 9 meant to protect users from installing malicious enterprise apps. These enhancements require the user to take several steps in device settings to trust an enterprise developer certificate, making it harder to install a malicious app accidentally.
However, enterprise apps installed using an MDM are exempt from these new security enhancements. An attacker can hijack and imitate trusted MDM commands on an iOS device, including over-the-air installation of apps signed with enterprise developer certificates. This exemption allows an attacker to side-step Apple’s solution meant to thwart installation of malicious enterprise apps.
How are iPhone and iPad devices exposed to this vulnerability?
First, an attacker convinces a user to install a malicious configuration profile on a device by using a phishing attack. This simple and often effective attack method uses messaging platforms like SMS, instant messaging, or email to trick users into clicking a malicious link. Once installed, this malicious profile allows an attacker to stage a Man-in-the-Middle (MitM) attack on the communication between the device and an MDM solution. The attacker can then hijack and imitate MDM commands that iOS trusts, including the ability to install enterprise apps over-the-air.
What iOS devices are at risk?
The vulnerability potentially impacts millions of iPhone or iPad devices enrolled with an MDM solution. The Check Point mobile research team will demonstrate this vulnerability at Black Hat Asia 2016 using an iPhone running iOS 9.2.
How would I know if my iPhone or iPad is under attack?
Without an advanced mobile threat detection and mitigation solution on the iOS device, there is little chance a user would suspect any malicious behavior had taken place. On a managed iOS device, commands from an MDM are trusted, and because these commands appear to the user as coming from the MDM that already manages the device, the entire process seems authentic.
What’s the risk if an attacker exploits the vulnerability on my device?
There are a number of MDM commands an attacker could use to exploit the vulnerability, ranging from nuisances to data exfiltration. The research team will demonstrate at Black Hat Asia how an attacker can install malicious apps that may include a broad range of functionality. Since iOS trusts these apps, and because the installation process is familiar to the user, infection is seamless and immediate. This vulnerability puts the user, the security of sensitive information on the device, and voice conversations in proximity to the device at significant risk. Malicious apps can be designed to:
Capture screenshots, including screenshots captured inside secure containers
Record keystrokes, exposing login credentials of personal and business apps and sites to theft
Save and send sensitive information like documents and pictures to an attacker’s remote server
Control sensors like the camera and microphone remotely, allowing an attacker to view and capture sounds and images
How can I protect myself from this vulnerability?
Check Point recommends taking several steps to mitigate the risk:
Ask your enterprise to deploy a mobile security solution that detects and stops advanced mobile threats.
Examine carefully any app installation request before accepting it to make sure it’s legitimate.
Contact your mobility, IT, or security team for more information about how it secures managed devices.
Use a personal mobile security solution that monitors your iOS device for any malicious behavior.
Where can I learn more about SideStepper?
The Check Point mobile threat research team has compiled a report that includes a detailed analysis of how attackers can exploit the SideStepper vulnerability on iOS devices.


Check Point reveals SideStepper, an iOS vulnerability

Posted by fidest press agency on Friday, 1 April 2016

The mobile research team at Check Point Software Technologies, a company specializing in cybersecurity, announces that it has discovered a new vulnerability, SideStepper, which can get into the iOS system by exploiting MDM (mobile device management) solutions; these represent a privileged point of access because they are not covered by the iOS 9 security update. The announcement is being made at this moment at the Black Hat Asia 2016 conference in Singapore. SideStepper is a vulnerability that lets hackers bypass the iOS 9 security updates introduced to protect users from installing malicious enterprise apps. These enhancements require the user to go through several steps in the device settings to accept a developer's permission, making the accidental installation of a malicious app harder. However, enterprise apps installed through MDMs are excluded from these new security updates. A hacker could hijack or imitate the commands of an accepted MDM on an iOS device, including the over-the-air (OTA) installation of apps signed with a developer's permissions. This exclusion lets a hacker skip the solution Apple created to limit the installation of malicious enterprise apps. First, a hacker convinces the user to install a malicious configuration profile on a device, using a phishing attack through an SMS, a chat message or an email containing a malicious link. Once installed, this malicious profile makes it possible to launch a man-in-the-middle attack on the communication between the device and the MDM solution. The hacker can then hijack and imitate the MDM commands accepted by iOS, with the possibility of installing enterprise apps over the air.
