With the serial numbers, attackers could enroll rogue devices in an MDM server and obtain sensitive corporate information.Īpple should explore alternatives to serial numbers for DEP device registration, said Ira Grossman, CTO at MCPc Inc., an IT consultancy in Cleveland. This increases the likelihood of Apple DEP issues with security. The problem is that devices can supply that serial number through an undocumented private API, and serial numbers are susceptible to brute-force attacks. The device authenticates to the DEP API using a serial number and retrieves its activation record. Once Apple creates a record of the device through the DEP API, IT assigns that device to the MDM server, which obtains that device record and creates a DEP profile. The company in June rolled DEP and the Volume Purchase Program into a more comprehensive service called Apple Business Manager.Īpple maintains an activation record of devices' serial numbers in a database. "But it highlights the importance of thinking about authentication during an onboarding and MDM process." Apple DEP issues snag authenticationĪpple DEP automates the enrollment and configuration of iOS and macOS devices in an MDM platform. "It's safe to say that is not an active of attack right now," said Rich Smith, director of Duo Labs, part of Duo Security.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |