ENTERPRISE DATA AT RISK: IOS SANDBOX VULNERABLE
A risk has been reported in both mobile devices and MDM solutions following the adoption of Mobile Device Management (MDM) and Bring Your Own Device (BYOD) programmes, which organisations use for smoother workflow and management.
The Appthority Mobile Threat Team has reported that, in Apple's iOS versions prior to 8.4.1, the configuration settings of managed applications in the app sandbox can be easily accessed by anyone.
This vulnerability has been named “QuickSand”, as it is a loophole in the sandbox.
Mobile Device Management (MDM) manages the provisioning, security and integration of all the mobile devices in an organization, including smartphones, tablets, and laptops.
MDM solutions aim to increase the use of mobile devices while keeping them secure within the enterprise and protecting the corporate network.
Vendors such as FancyFon, AirWatch, MobileIron and AmTel MDM supply MDM and EMM (Enterprise Mobility Management) solutions that allow organizations to install corporate apps, configuration and credentials on their mobile devices.
Employees thus get easy access to corporate resources.
According to the researchers, all MDM clients, as well as any mobile apps distributed via an MDM in a corporate environment that use the 'Managed App Configuration' setting to configure and store private settings and information, are affected by the vulnerability.
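Because the affected data is whatever an organization pushes through 'Managed App Configuration', a defender can check a configuration payload for secrets before it is deployed. The following is an added example, not code from Appthority or any MDM vendor; the key-name and value patterns are assumed heuristics and the sample plist is constructed.

```python
import plistlib
import re

# Assumed heuristic: key names that suggest the value is a secret.
SECRET_KEY_RE = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|credential", re.I)
# Assumed heuristic: bearer tokens, or URLs with embedded user:password.
SECRET_VALUE_RE = re.compile(r"^Bearer\s+\S+|://[^/\s:@]+:[^/\s@]+@", re.I)

# Constructed sample of a managed app configuration payload (not from the article).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>ServerURL</key><string>https://mdm.example.com/checkin</string>
  <key>Username</key><string>jdoe</string>
  <key>Password</key><string>constructed-value</string>
  <key>RequirePasscode</key><true/>
  <key>Sync</key><dict>
    <key>AuthToken</key><string>constructed-token</string>
    <key>Mirrors</key><array>
      <string>https://svc:constructed@files.example.com/</string>
    </array>
  </dict>
</dict></plist>"""

def find_secrets(node, path="", key=""):
    """Walk a parsed plist; return sorted paths of entries that look like secrets."""
    if isinstance(node, dict):
        return sorted(h for k, v in node.items() for h in find_secrets(v, f"{path}/{k}", k))
    if isinstance(node, list):
        return sorted(h for i, v in enumerate(node) for h in find_secrets(v, f"{path}[{i}]", key))
    # Only non-empty string/bytes values count; booleans such as RequirePasscode do not.
    named = bool(SECRET_KEY_RE.search(key)) and isinstance(node, (str, bytes)) and len(node) > 0
    valued = isinstance(node, str) and bool(SECRET_VALUE_RE.search(node))
    return [path] if named or valued else []

def audit(plist_bytes):
    """Parse an XML or binary plist payload and list the suspicious entries."""
    return find_secrets(plistlib.loads(plist_bytes))

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print("possible secret in managed app configuration:", hit)
```

Entries the audit flags are candidates for removal from the pushed configuration; the heuristics will miss secrets stored under neutral key names.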
How Does the Attack Work?
Where an MDM solution has been implemented, the user can be fooled in either of the following ways:
- Pushing a malicious app across the complete organization
- Targeting a particular user and tricking him into various cyber attacks
In the situations mentioned above, the chances of an organization falling into a severe cyber attack are high. The sensitivity and size of the information matter, which is why it is managed using MDM solutions.
This not-so-world-shaking vulnerability has nevertheless uncovered a way for hackers to breach data and information.
The vulnerability has been patched through a joint effort of Appthority and Apple security, but only for iOS version 8.4.1.
After demonstrating the weakness, the Appthority mobile team provided MDM with some recommendations.