Tuesday, October 27, 19:03

Vulnerabilities in MobileIron MDM servers used by hackers

State hacking groups and other criminals are exploiting vulnerabilities in MobileIron MDM servers to gain access to corporate networks.

MobileIron MDM servers

About a month ago, information was released about three serious vulnerabilities in a server used to manage mobile devices. Now, many hacking groups have begun exploiting these bugs to gain access to and control of corporate servers, which will also give them access to company networks.

According to the researchers, the targets of these attacks are MDM servers from the software maker MobileIron.

The initials MDM stand for "Mobile Device Management". MDM systems are often used in business because they allow the management of employees' mobile devices. System administrators can deploy certificates, applications and access control lists, and wipe stolen phones, from a central server.

To enable the above actions, MDM servers must be constantly connected to the Internet. Thus, the phones of employees who work remotely can "report" to the company and receive the latest updates.

MobileIron MDMs: Three major vulnerabilities were discovered

In the summer, a security researcher by the name of Orange Tsai discovered three major vulnerabilities in MobileIron's MDM servers. The researcher reported the bugs to the company, which fixed them in July.

However, Tsai decided not to publish details about the vulnerabilities, so that companies would have time to protect their systems.

Many companies do not seem to have done so. Tsai finally spoke in September about the three vulnerabilities, after using one of them to break into Facebook's MDM server and roam the company's internal network. This, of course, was part of Facebook's bug bounty program.

PoC released on GitHub

Some security researchers have used the details provided by Tsai to create public proof-of-concept (PoC) exploits for CVE-2020-15505, the most dangerous of the three vulnerabilities.

This PoC exploit was released on GitHub and made available to other security researchers and penetration testers. However, it also ended up in the hands of criminals.

The first wave of attacks took place in early October and was detected by RiskIQ researchers.

RiskIQ did not provide much information about these attacks, but a report from BlackArrow, published on October 13, describes one attacker's attempts to break into MobileIron MDM systems and install the Kaiten DDoS malware.

Companies, however, are not the only ones at risk from this malware. The US National Security Agency (NSA) listed MobileIron CVE-2020-15505 as one of the top 25 vulnerabilities exploited by Chinese state hackers in recent months.

The NSA said that the Chinese hackers use the MobileIron bug, along with other vulnerabilities, to initially compromise Internet-connected systems and gain access to internal networks.

Companies must update their MDM servers immediately

MobileIron says it has more than 20,000 customers using MDM solutions, including many Fortune 500 companies. Therefore, this vulnerability is indeed one of the most dangerous bugs in recent months.

If companies do not update their MobileIron MDM servers, they may face difficult situations.

But, according to ZDNet, patching is just one part of the job that needs to be done. Companies must also perform checks on their MobileIron MDM servers, mobile devices and internal networks. Vulnerability CVE-2020-15505 can be considered a "gateway bug". After exploitation, intruders can use this bug to take control of the entire MDM server and to deploy malware on mobile devices connected to it. They can also gain access to the company's internal network, to which the MDM server may be connected.