Wednesday, February 24, 23:32 p.m.
Home security Vulnerabilities in MobileIron MDM servers used by hackers

Vulnerabilities in MobileIron MDM servers used by hackers

State hacking groups and other criminals are exploited vulnerabilities into a MobileIron MDM servers and acquire access in corporate networks.

MobileIron MDM servers

About a month ago, information was released about three serious vulnerabilities in a server used to manage mobile devices. Now, many hacking groups have begun exploiting these bugs to gain access to and control of corporate servers, which will allow them to gain access and in company networks.

According to the researchers, the target of these attacks are MDM servers from the software maker MobileIron.

The initials MDM come from the words "Mobile Device Management". The systems MDMs are often used in business as they allow the management of employees' mobile devices. System administrators can develop certificates, applications, access control lists, and delete stolen phones from a central server.

To enable the above actions, MDM servers must be constantly connected to the Internet. Thus, the telephones of employees who work remotely, can "report" to the company and receive the latest updates.

MobileIron MDMs: Three major vulnerabilities were discovered

In the summer, a security researcher by the name Orange Tsai discovered three major vulnerabilities in MobileIron's MDM servers. The researcher reported the errors in company and she corrected them in July.

However, Tsai decided not to give information about the vulnerabilities, so that they have time Companies to protect their systems.

Many companies do not seem to have done so. Tsai finally spoke in September about the three vulnerabilities, after using one of them to break into Facebook's MDM server and roam the company's internal network. This, of course, was part of his bug bounty program Facebook.

Released POC at Github

Some security researchers have used the details provided by Tsai to create them in public proof-of-concept (PoC) exploits for CVE-2020-15505, the most dangerous of the three vulnerabilities.

This PoC exploit was released on GitHub and made available to other security researchers and penetration testers. However, it was also found in the hands of criminals.

The first wave of attacks took place in early October and was detected by its investigators RiskIQ.

RiskIQ did not provide much information about these attacks, but a report from BlackArrow, published on October 13, reports efforts of one hacker to invade MobileIron MDM systems and install Kaiten DDoS malware.

Companies, however, are not the only ones at risk from this malware. THE US National Security Agency (NSA) registered MobileIron CVE-2020-15505 as one of the top 25 vulnerabilities, exploited by its state hackers China the last months.

The NSA said that the Chinese hackers use the MobileIron error, along with other vulnerabilities, to initially compromise systems (connected to the Internet) and gain access to internal networks.

Companies must inform them immediately MDM servers

MobileIron says it has more than 20.000 customers using MDM solutions, including many Fortune 500 companies. Therefore, this vulnerability is indeed one of the most dangerous bugs in recent months.

If companies do not update their MobileIron MDM servers, they may face difficult situations.

But, according to ZDNet, patching is just one part of the job that needs to be done. Companies must also perform checks on their MobileIron MDM servers, mobile devices and internal networks. Vulnerability CVE-2020-15505 can be considered a "gateway bug". After exploitation, intruders can use this error to take control of the entire MDM server and to develop malware on mobile devices connected to it. They can also acquire access to the interior network the company's, to which the MDM server may be connected.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS

Huawei: Wearables are becoming available for other applications

While the dispute between Huawei and the USA continues unabated, the company seems to be doing quite well in the field of ...

How to create a Progress Bar in Microsoft PowerPoint

A progress bar is a graphic that, in PowerPoint, visually represents the percentage of presentation slides that have been completed. See ...

EU: AI makes autonomous vehicles "extremely vulnerable" to cyber attacks

The goal of autonomous vehicles is to be able to avoid human error and save lives, but a new report of ...

Security officials to Senate to invade Capitol: "It was a coordinated attack"

Security officials testified Tuesday that they believe the January 6 riot at the Capitol was a "coordinated attack" as they were pressured by senators ...
00:02:36

Universal Android Debloater: Get rid of unwanted applications

https://www.youtube.com/watch?v=JAEEtDl9AoU Οι προεγκατεστημένες εφαρμογές, γνωστές και ως "bloatware", είναι συνηθισμένη πρακτική των κατασκευαστών συσκευών για να ωθούν...

One UI 3.1: Samsung DeX gets wireless support!

A few weeks ago, it was discovered that the Galaxy S1 series was equipped with wireless support for DeX on PC. As it turns out, you can ...

Google Password Checkup feature is coming to Android

Android users can now take advantage of the Password Checkup feature that Google first introduced in the browser ...

The World Wide Web may be coming to an end. Where does this come from?

In recent years, the World Wide Web has begun to look less "global". Developments in the field of technology and the Internet, ...

United Kingdom: Organizations related to critical infrastructure have been breached

A new study by Bridewell Consulting showed that the vast majority (86%) of organizations managing critical national infrastructure in the UK ...

Honda wants to put a drone in the tail of an electric motorcycle

Well, this is definitely one of the strangest news that has been released lately: Honda wants to put a mini ...