Researchers showed remote style hack for new Macs
Researchers showed remote style hack for new Macs
August 13, 2018 by Nancy Owano, Tech Xplore
Credit: CC0 Public Domain
What could be a happier moment? You starting work with the setup process of a brand new Mac.
What could be an unhappier moment? You starting work with the setup process of a brand new Mac.
Excuse the quiz writers for puzzling over an answer key, as news unfolds that hacking would be possible via Apple's enterprise hardware management setup tools.
The result would be gaining remote access to the Mac.
It appeared that the new Mac could be compromised even before the user were to take it out of the box.
The researchers' findings were discussed at the recent Black Hat USA 2018 in Las Vegas. Jesse Endahl, chief security officer of Apple device management firm Fleetsmith, and Max Bélanger, a staff engineer at Dropbox, were at the show to explain their findings.
"We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time," Endahl said, in Cult of Mac.
What's it all about?
Simply put, the mischief maker can construct, as Mikey Campbell in AppleInsider wrote, " a man-in-the-middle attack that downloads malware or other malicious software before a client logs in to a new Mac for the first time."
The "enterprise tools" involved and being talked about at length are the Device Enrollment Program and Mobile Device Management platform.
"The attack takes advantage of enterprise Macs using Apple's Device Enrollment Program (.pdf) and its Mobile Device Management platform," said Buster Hein at Cult of Mac. "The enterprise tools allow companies to completely customize a Mac shipped to an employee straight from Apple. However, a flaw in the system allows attackers to put malware on the Macs remotely."
These very tools work in tandem so that companies can look forward to easy IT setup regimens in deploying a large number of devices to their workers, said AppleInsider.
As Wired also said, "The idea is that a company can ship Macs to its workers directly from Apple's warehouses, and the devices will automatically configure to join their corporate ecosystem after booting up for the first time and connecting to Wi-Fi."
And that advantage would make sense for businesses where some of the workforce are in a satellite office or working from their homes.
A Black Hat conference briefing item on the same said, "Our talk walks through the various stages of bootstrapping, showing which binaries are involved, the IPC flows on the device, and evaluates the network (TLS) security of key client/server communications. We will follow with a live demo showing how a nation-state actor could exploit this vulnerability such that a user could unwrap a brand new Mac, and the attacker could root it out of the box the first time it connects to WiFi."
Hein in Cult of Mac went on to explain that "when enterprise Macs use MDM [Mobile Device Management] to see which apps to install off the Mac App Store, there is no certificate pinning to verify the manifest's authenticity. Hackers could use a man-in-the-middle exploit to install malicious apps to access data. Making matters worse, the flaw could be used to hack an entire company's computers."
Campbell also looked at "certificate pinning," which is intended to authenticate web servers through the configuration process. "In particular, the researchers found a bug in Apple's MDM sequence that, when the process hands the machine over to the Mac App Store, fails to complete pinning to confirm the authenticity of an app download manifest, the report said. The hole provides an opportunity for hackers to install malicious code on a target Mac remotely and without alerting the end user."
Lily Hay Newman referred to "certificate pinning" in Wired as "a method of confirming that particular web servers are who they claim."
A problem during one step was spotted by the researchers. "When MDM hands off to the Mac App Store to download enterprise software, the sequence retrieves a manifest for what to download and where to install it without pinning to confirm the manifest's authenticity."
Endahl said in his company 's news release that "under the hood, the DEP and MDM implementations involve many moving parts, and the bootstrapping process exposes vulnerabilities when a device is brought to a fully-provisioned state."
Apple's response? According to reports, Apple addressed the issue when notified by the researchers, in that the vulnerability was patched in macOS High Sierra 10.13.6.
Explore further:
Apple withdraws some China apps after malware found
shares
feedback to editors
© 2018 Tech Xplore
Related Stories
More efficient security for cloud-based machine learning
Google clarifies location-tracking policy
DefCon presenters explore programmer de-anonymization, stylistic fingerprints
Intel processor vulnerability could put millions of PCs at risk
Tencent Blade Team pair talk about smart speaker hack
Google tracks your movements, like it or not
Researchers showed remote style hack for new Macs
Researchers help close security hole in popular encryption software
Holding law enforcement accountable for electronic surveillance
Using machine learning to detect software vulnerabilities
Apps make it easy for domestic abusers to spy
Team suggests a way to protect autonomous grids from potentially crippling GPS spoofing attacks
Researcher blogged about workaround for Apple OS update's USB Restricted Mode
Privacy conversation turns to enabling smart TV tracking services
Is your smartphone spying on you?
Calling Android: Researchers see if Rowhammer-based exploits still possible
Researchers showed remote style hack for new Macs
August 13, 2018 by Nancy Owano, Tech Xplore
Credit: CC0 Public Domain
What could be a happier moment? You starting work with the setup process of a brand new Mac.
What could be an unhappier moment? You starting work with the setup process of a brand new Mac.
Excuse the quiz writers for puzzling over an answer key, as news unfolds that hacking would be possible via Apple's enterprise hardware management setup tools.
The result would be gaining remote access to the Mac.
It appeared that the new Mac could be compromised even before the user were to take it out of the box.
The researchers' findings were discussed at the recent Black Hat USA 2018 in Las Vegas. Jesse Endahl, chief security officer of Apple device management firm Fleetsmith, and Max Bélanger, a staff engineer at Dropbox, were at the show to explain their findings.
"We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time," Endahl said, in Cult of Mac.
What's it all about?
Simply put, the mischief maker can construct, as Mikey Campbell in AppleInsider wrote, " a man-in-the-middle attack that downloads malware or other malicious software before a client logs in to a new Mac for the first time."
The "enterprise tools" involved and being talked about at length are the Device Enrollment Program and Mobile Device Management platform.
"The attack takes advantage of enterprise Macs using Apple's Device Enrollment Program (.pdf) and its Mobile Device Management platform," said Buster Hein at Cult of Mac. "The enterprise tools allow companies to completely customize a Mac shipped to an employee straight from Apple. However, a flaw in the system allows attackers to put malware on the Macs remotely."
These very tools work in tandem so that companies can look forward to easy IT setup regimens in deploying a large number of devices to their workers, said AppleInsider.
As Wired also said, "The idea is that a company can ship Macs to its workers directly from Apple's warehouses, and the devices will automatically configure to join their corporate ecosystem after booting up for the first time and connecting to Wi-Fi."
And that advantage would make sense for businesses where some of the workforce are in a satellite office or working from their homes.
A Black Hat conference briefing item on the same said, "Our talk walks through the various stages of bootstrapping, showing which binaries are involved, the IPC flows on the device, and evaluates the network (TLS) security of key client/server communications. We will follow with a live demo showing how a nation-state actor could exploit this vulnerability such that a user could unwrap a brand new Mac, and the attacker could root it out of the box the first time it connects to WiFi."
Hein in Cult of Mac went on to explain that "when enterprise Macs use MDM [Mobile Device Management] to see which apps to install off the Mac App Store, there is no certificate pinning to verify the manifest's authenticity. Hackers could use a man-in-the-middle exploit to install malicious apps to access data. Making matters worse, the flaw could be used to hack an entire company's computers."
Campbell also looked at "certificate pinning," which is intended to authenticate web servers through the configuration process. "In particular, the researchers found a bug in Apple's MDM sequence that, when the process hands the machine over to the Mac App Store, fails to complete pinning to confirm the authenticity of an app download manifest, the report said. The hole provides an opportunity for hackers to install malicious code on a target Mac remotely and without alerting the end user."
Lily Hay Newman referred to "certificate pinning" in Wired as "a method of confirming that particular web servers are who they claim."
A problem during one step was spotted by the researchers. "When MDM hands off to the Mac App Store to download enterprise software, the sequence retrieves a manifest for what to download and where to install it without pinning to confirm the manifest's authenticity."
Endahl said in his company 's news release that "under the hood, the DEP and MDM implementations involve many moving parts, and the bootstrapping process exposes vulnerabilities when a device is brought to a fully-provisioned state."
Apple's response? According to reports, Apple addressed the issue when notified by the researchers, in that the vulnerability was patched in macOS High Sierra 10.13.6.
Explore further:
Apple withdraws some China apps after malware found
shares
feedback to editors
© 2018 Tech Xplore
Related Stories
More efficient security for cloud-based machine learning
Google clarifies location-tracking policy
DefCon presenters explore programmer de-anonymization, stylistic fingerprints
Intel processor vulnerability could put millions of PCs at risk
Tencent Blade Team pair talk about smart speaker hack
Google tracks your movements, like it or not
Researchers showed remote style hack for new Macs
Researchers help close security hole in popular encryption software
Holding law enforcement accountable for electronic surveillance
Using machine learning to detect software vulnerabilities
Apps make it easy for domestic abusers to spy
Team suggests a way to protect autonomous grids from potentially crippling GPS spoofing attacks
Researcher blogged about workaround for Apple OS update's USB Restricted Mode
Privacy conversation turns to enabling smart TV tracking services
Is your smartphone spying on you?
Calling Android: Researchers see if Rowhammer-based exploits still possible
User comments
Please sign in to add a comment.
Registration is free, and takes less than a minute.
Read more
Click here to reset your password.
Sign in to get notified via email when new comments are made.
Researchers showed remote style hack for new Macs
August 13, 2018 by Nancy Owano, Tech Xplore
Credit: CC0 Public Domain
What could be a happier moment? You starting work with the setup process of a brand new Mac.
What could be an unhappier moment? You starting work with the setup process of a brand new Mac.
Excuse the quiz writers for puzzling over an answer key, as news unfolds that hacking would be possible via Apple's enterprise hardware management setup tools.
The result would be gaining remote access to the Mac.
It appeared that the new Mac could be compromised even before the user were to take it out of the box.
The researchers' findings were discussed at the recent Black Hat USA 2018 in Las Vegas. Jesse Endahl, chief security officer of Apple device management firm Fleetsmith, and Max Bélanger, a staff engineer at Dropbox, were at the show to explain their findings.
"We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time," Endahl said, in Cult of Mac.
What's it all about?
Simply put, the mischief maker can construct, as Mikey Campbell in AppleInsider wrote, " a man-in-the-middle attack that downloads malware or other malicious software before a client logs in to a new Mac for the first time."
The "enterprise tools" involved and being talked about at length are the Device Enrollment Program and Mobile Device Management platform.
"The attack takes advantage of enterprise Macs using Apple's Device Enrollment Program (.pdf) and its Mobile Device Management platform," said Buster Hein at Cult of Mac. "The enterprise tools allow companies to completely customize a Mac shipped to an employee straight from Apple. However, a flaw in the system allows attackers to put malware on the Macs remotely."
These very tools work in tandem so that companies can look forward to easy IT setup regimens in deploying a large number of devices to their workers, said AppleInsider.
As Wired also said, "The idea is that a company can ship Macs to its workers directly from Apple's warehouses, and the devices will automatically configure to join their corporate ecosystem after booting up for the first time and connecting to Wi-Fi."
And that advantage would make sense for businesses where some of the workforce are in a satellite office or working from their homes.
A Black Hat conference briefing item on the same said, "Our talk walks through the various stages of bootstrapping, showing which binaries are involved, the IPC flows on the device, and evaluates the network (TLS) security of key client/server communications. We will follow with a live demo showing how a nation-state actor could exploit this vulnerability such that a user could unwrap a brand new Mac, and the attacker could root it out of the box the first time it connects to WiFi."
Hein in Cult of Mac went on to explain that "when enterprise Macs use MDM [Mobile Device Management] to see which apps to install off the Mac App Store, there is no certificate pinning to verify the manifest's authenticity. Hackers could use a man-in-the-middle exploit to install malicious apps to access data. Making matters worse, the flaw could be used to hack an entire company's computers."
Campbell also looked at "certificate pinning," which is intended to authenticate web servers through the configuration process. "In particular, the researchers found a bug in Apple's MDM sequence that, when the process hands the machine over to the Mac App Store, fails to complete pinning to confirm the authenticity of an app download manifest, the report said. The hole provides an opportunity for hackers to install malicious code on a target Mac remotely and without alerting the end user."
Lily Hay Newman referred to "certificate pinning" in Wired as "a method of confirming that particular web servers are who they claim."
A problem during one step was spotted by the researchers. "When MDM hands off to the Mac App Store to download enterprise software, the sequence retrieves a manifest for what to download and where to install it without pinning to confirm the manifest's authenticity."
Endahl said in his company 's news release that "under the hood, the DEP and MDM implementations involve many moving parts, and the bootstrapping process exposes vulnerabilities when a device is brought to a fully-provisioned state."
Apple's response? According to reports, Apple addressed the issue when notified by the researchers, in that the vulnerability was patched in macOS High Sierra 10.13.6.
Explore further:
Apple withdraws some China apps after malware found
shares
feedback to editors
© 2018 Tech Xplore
Related Stories
More efficient security for cloud-based machine learning
Google clarifies location-tracking policy
DefCon presenters explore programmer de-anonymization, stylistic fingerprints
Intel processor vulnerability could put millions of PCs at risk
Tencent Blade Team pair talk about smart speaker hack
Google tracks your movements, like it or not
Researchers showed remote style hack for new Macs
Researchers help close security hole in popular encryption software
Holding law enforcement accountable for electronic surveillance
Using machine learning to detect software vulnerabilities
Apps make it easy for domestic abusers to spy
Team suggests a way to protect autonomous grids from potentially crippling GPS spoofing attacks
Researcher blogged about workaround for Apple OS update's USB Restricted Mode
Privacy conversation turns to enabling smart TV tracking services
Is your smartphone spying on you?
Calling Android: Researchers see if Rowhammer-based exploits still possible
User comments
Please sign in to add a comment.
Registration is free, and takes less than a minute.
Read more
Click here to reset your password.
Sign in to get notified via email when new comments are made.
Researchers showed remote style hack for new Macs
August 13, 2018 by Nancy Owano, Tech Xplore
Credit: CC0 Public Domain
What could be a happier moment? You starting work with the setup process of a brand new Mac.
What could be an unhappier moment? You starting work with the setup process of a brand new Mac.
Excuse the quiz writers for puzzling over an answer key, as news unfolds that hacking would be possible via Apple's enterprise hardware management setup tools.
The result would be gaining remote access to the Mac.
It appeared that the new Mac could be compromised even before the user were to take it out of the box.
The researchers' findings were discussed at the recent Black Hat USA 2018 in Las Vegas. Jesse Endahl, chief security officer of Apple device management firm Fleetsmith, and Max Bélanger, a staff engineer at Dropbox, were at the show to explain their findings.
"We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time," Endahl said, in Cult of Mac.
What's it all about?
Simply put, the mischief maker can construct, as Mikey Campbell in AppleInsider wrote, " a man-in-the-middle attack that downloads malware or other malicious software before a client logs in to a new Mac for the first time."
The "enterprise tools" involved and being talked about at length are the Device Enrollment Program and Mobile Device Management platform.
"The attack takes advantage of enterprise Macs using Apple's Device Enrollment Program (.pdf) and its Mobile Device Management platform," said Buster Hein at Cult of Mac. "The enterprise tools allow companies to completely customize a Mac shipped to an employee straight from Apple. However, a flaw in the system allows attackers to put malware on the Macs remotely."
These very tools work in tandem so that companies can look forward to easy IT setup regimens in deploying a large number of devices to their workers, said AppleInsider.
As Wired also said, "The idea is that a company can ship Macs to its workers directly from Apple's warehouses, and the devices will automatically configure to join their corporate ecosystem after booting up for the first time and connecting to Wi-Fi."
And that advantage would make sense for businesses where some of the workforce are in a satellite office or working from their homes.
A Black Hat conference briefing item on the same said, "Our talk walks through the various stages of bootstrapping, showing which binaries are involved, the IPC flows on the device, and evaluates the network (TLS) security of key client/server communications. We will follow with a live demo showing how a nation-state actor could exploit this vulnerability such that a user could unwrap a brand new Mac, and the attacker could root it out of the box the first time it connects to WiFi."
Hein in Cult of Mac went on to explain that "when enterprise Macs use MDM [Mobile Device Management] to see which apps to install off the Mac App Store, there is no certificate pinning to verify the manifest's authenticity. Hackers could use a man-in-the-middle exploit to install malicious apps to access data. Making matters worse, the flaw could be used to hack an entire company's computers."
Campbell also looked at "certificate pinning," which is intended to authenticate web servers through the configuration process. "In particular, the researchers found a bug in Apple's MDM sequence that, when the process hands the machine over to the Mac App Store, fails to complete pinning to confirm the authenticity of an app download manifest, the report said. The hole provides an opportunity for hackers to install malicious code on a target Mac remotely and without alerting the end user."
Lily Hay Newman referred to "certificate pinning" in Wired as "a method of confirming that particular web servers are who they claim."
A problem during one step was spotted by the researchers. "When MDM hands off to the Mac App Store to download enterprise software, the sequence retrieves a manifest for what to download and where to install it without pinning to confirm the manifest's authenticity."
Endahl said in his company 's news release that "under the hood, the DEP and MDM implementations involve many moving parts, and the bootstrapping process exposes vulnerabilities when a device is brought to a fully-provisioned state."
Apple's response? According to reports, Apple addressed the issue when notified by the researchers, in that the vulnerability was patched in macOS High Sierra 10.13.6.
Explore further:
Apple withdraws some China apps after malware found
shares
feedback to editors
© 2018 Tech Xplore
Researchers showed remote style hack for new Macs
August 13, 2018 by Nancy Owano, Tech Xplore
Credit: CC0 Public Domain
What could be a happier moment? You starting work with the setup process of a brand new Mac.
What could be an unhappier moment? You starting work with the setup process of a brand new Mac.
Excuse the quiz writers for puzzling over an answer key, as news unfolds that hacking would be possible via Apple's enterprise hardware management setup tools.
The result would be gaining remote access to the Mac.
It appeared that the new Mac could be compromised even before the user were to take it out of the box.
The researchers' findings were discussed at the recent Black Hat USA 2018 in Las Vegas. Jesse Endahl, chief security officer of Apple device management firm Fleetsmith, and Max Bélanger, a staff engineer at Dropbox, were at the show to explain their findings.
"We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time," Endahl said, in Cult of Mac.
What's it all about?
Simply put, the mischief maker can construct, as Mikey Campbell in AppleInsider wrote, " a man-in-the-middle attack that downloads malware or other malicious software before a client logs in to a new Mac for the first time."
The "enterprise tools" involved and being talked about at length are the Device Enrollment Program and Mobile Device Management platform.
"The attack takes advantage of enterprise Macs using Apple's Device Enrollment Program (.pdf) and its Mobile Device Management platform," said Buster Hein at Cult of Mac. "The enterprise tools allow companies to completely customize a Mac shipped to an employee straight from Apple. However, a flaw in the system allows attackers to put malware on the Macs remotely."
These very tools work in tandem so that companies can look forward to easy IT setup regimens in deploying a large number of devices to their workers, said AppleInsider.
As Wired also said, "The idea is that a company can ship Macs to its workers directly from Apple's warehouses, and the devices will automatically configure to join their corporate ecosystem after booting up for the first time and connecting to Wi-Fi."
And that advantage would make sense for businesses where some of the workforce are in a satellite office or working from their homes.
A Black Hat conference briefing item on the same said, "Our talk walks through the various stages of bootstrapping, showing which binaries are involved, the IPC flows on the device, and evaluates the network (TLS) security of key client/server communications. We will follow with a live demo showing how a nation-state actor could exploit this vulnerability such that a user could unwrap a brand new Mac, and the attacker could root it out of the box the first time it connects to WiFi."
Hein in Cult of Mac went on to explain that "when enterprise Macs use MDM [Mobile Device Management] to see which apps to install off the Mac App Store, there is no certificate pinning to verify the manifest's authenticity. Hackers could use a man-in-the-middle exploit to install malicious apps to access data. Making matters worse, the flaw could be used to hack an entire company's computers."
Campbell also looked at "certificate pinning," which is intended to authenticate web servers through the configuration process. "In particular, the researchers found a bug in Apple's MDM sequence that, when the process hands the machine over to the Mac App Store, fails to complete pinning to confirm the authenticity of an app download manifest, the report said. The hole provides an opportunity for hackers to install malicious code on a target Mac remotely and without alerting the end user."
Lily Hay Newman referred to "certificate pinning" in Wired as "a method of confirming that particular web servers are who they claim."
A problem during one step was spotted by the researchers. "When MDM hands off to the Mac App Store to download enterprise software, the sequence retrieves a manifest for what to download and where to install it without pinning to confirm the manifest's authenticity."
Endahl said in his company 's news release that "under the hood, the DEP and MDM implementations involve many moving parts, and the bootstrapping process exposes vulnerabilities when a device is brought to a fully-provisioned state."
Apple's response? According to reports, Apple addressed the issue when notified by the researchers, in that the vulnerability was patched in macOS High Sierra 10.13.6.
Explore further:
Apple withdraws some China apps after malware found
shares
feedback to editors
© 2018 Tech Xplore
Researchers showed remote style hack for new Macs
August 13, 2018 by Nancy Owano, Tech Xplore
Credit: CC0 Public Domain
What could be a happier moment? You starting work with the setup process of a brand new Mac.
What could be an unhappier moment? You starting work with the setup process of a brand new Mac.
Excuse the quiz writers for puzzling over an answer key, as news unfolds that hacking would be possible via Apple's enterprise hardware management setup tools.
The result would be gaining remote access to the Mac.
It appeared that the new Mac could be compromised even before the user were to take it out of the box.
The researchers' findings were discussed at the recent Black Hat USA 2018 in Las Vegas. Jesse Endahl, chief security officer of Apple device management firm Fleetsmith, and Max Bélanger, a staff engineer at Dropbox, were at the show to explain their findings.
"We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time," Endahl said, in Cult of Mac.
What's it all about?
Simply put, the mischief maker can construct, as Mikey Campbell in AppleInsider wrote, " a man-in-the-middle attack that downloads malware or other malicious software before a client logs in to a new Mac for the first time."
The "enterprise tools" involved and being talked about at length are the Device Enrollment Program and Mobile Device Management platform.
"The attack takes advantage of enterprise Macs using Apple's Device Enrollment Program (.pdf) and its Mobile Device Management platform," said Buster Hein at Cult of Mac. "The enterprise tools allow companies to completely customize a Mac shipped to an employee straight from Apple. However, a flaw in the system allows attackers to put malware on the Macs remotely."
These very tools work in tandem so that companies can look forward to easy IT setup regimens in deploying a large number of devices to their workers, said AppleInsider.
As Wired also said, "The idea is that a company can ship Macs to its workers directly from Apple's warehouses, and the devices will automatically configure to join their corporate ecosystem after booting up for the first time and connecting to Wi-Fi."
And that advantage would make sense for businesses where some of the workforce are in a satellite office or working from their homes.
A Black Hat conference briefing item on the same said, "Our talk walks through the various stages of bootstrapping, showing which binaries are involved, the IPC flows on the device, and evaluates the network (TLS) security of key client/server communications. We will follow with a live demo showing how a nation-state actor could exploit this vulnerability such that a user could unwrap a brand new Mac, and the attacker could root it out of the box the first time it connects to WiFi."
Hein in Cult of Mac went on to explain that "when enterprise Macs use MDM [Mobile Device Management] to see which apps to install off the Mac App Store, there is no certificate pinning to verify the manifest's authenticity. Hackers could use a man-in-the-middle exploit to install malicious apps to access data. Making matters worse, the flaw could be used to hack an entire company's computers."
Campbell also looked at "certificate pinning," which is intended to authenticate web servers through the configuration process. "In particular, the researchers found a bug in Apple's MDM sequence that, when the process hands the machine over to the Mac App Store, fails to complete pinning to confirm the authenticity of an app download manifest, the report said. The hole provides an opportunity for hackers to install malicious code on a target Mac remotely and without alerting the end user."
Lily Hay Newman referred to "certificate pinning" in Wired as "a method of confirming that particular web servers are who they claim."
A problem during one step was spotted by the researchers. "When MDM hands off to the Mac App Store to download enterprise software, the sequence retrieves a manifest for what to download and where to install it without pinning to confirm the manifest's authenticity."
Endahl said in his company 's news release that "under the hood, the DEP and MDM implementations involve many moving parts, and the bootstrapping process exposes vulnerabilities when a device is brought to a fully-provisioned state."
Apple's response? According to reports, Apple addressed the issue when notified by the researchers, in that the vulnerability was patched in macOS High Sierra 10.13.6.
Explore further:
Apple withdraws some China apps after malware found
shares
feedback to editors
© 2018 Tech Xplore
Credit: CC0 Public Domain
What could be a happier moment? You starting work with the setup process of a brand new Mac.
What could be an unhappier moment? You starting work with the setup process of a brand new Mac.
Excuse the quiz writers for puzzling over an answer key, as news unfolds that hacking would be possible via Apple's enterprise hardware management setup tools.
The result would be gaining remote access to the Mac.
It appeared that the new Mac could be compromised even before the user were to take it out of the box.
The researchers' findings were discussed at the recent Black Hat USA 2018 in Las Vegas. Jesse Endahl, chief security officer of Apple device management firm Fleetsmith, and Max Bélanger, a staff engineer at Dropbox, were at the show to explain their findings.
"We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time," Endahl said, in Cult of Mac.
What's it all about?
Simply put, the mischief maker can construct, as Mikey Campbell in AppleInsider wrote, " a man-in-the-middle attack that downloads malware or other malicious software before a client logs in to a new Mac for the first time."
The "enterprise tools" involved and being talked about at length are the Device Enrollment Program and Mobile Device Management platform.
"The attack takes advantage of enterprise Macs using Apple's Device Enrollment Program (.pdf) and its Mobile Device Management platform," said Buster Hein at Cult of Mac. "The enterprise tools allow companies to completely customize a Mac shipped to an employee straight from Apple. However, a flaw in the system allows attackers to put malware on the Macs remotely."
These very tools work in tandem so that companies can look forward to easy IT setup regimens in deploying a large number of devices to their workers, said AppleInsider.
As Wired also said, "The idea is that a company can ship Macs to its workers directly from Apple's warehouses, and the devices will automatically configure to join their corporate ecosystem after booting up for the first time and connecting to Wi-Fi."
And that advantage would make sense for businesses where some of the workforce are in a satellite office or working from their homes.
A Black Hat conference briefing item on the same said, "Our talk walks through the various stages of bootstrapping, showing which binaries are involved, the IPC flows on the device, and evaluates the network (TLS) security of key client/server communications. We will follow with a live demo showing how a nation-state actor could exploit this vulnerability such that a user could unwrap a brand new Mac, and the attacker could root it out of the box the first time it connects to WiFi."
Hein in Cult of Mac went on to explain that "when enterprise Macs use MDM [Mobile Device Management] to see which apps to install off the Mac App Store, there is no certificate pinning to verify the manifest's authenticity. Hackers could use a man-in-the-middle exploit to install malicious apps to access data. Making matters worse, the flaw could be used to hack an entire company's computers."
Campbell also looked at "certificate pinning," which is intended to authenticate web servers through the configuration process. "In particular, the researchers found a bug in Apple's MDM sequence that, when the process hands the machine over to the Mac App Store, fails to complete pinning to confirm the authenticity of an app download manifest, the report said. The hole provides an opportunity for hackers to install malicious code on a target Mac remotely and without alerting the end user."
Lily Hay Newman referred to "certificate pinning" in Wired as "a method of confirming that particular web servers are who they claim."
A problem during one step was spotted by the researchers. "When MDM hands off to the Mac App Store to download enterprise software, the sequence retrieves a manifest for what to download and where to install it without pinning to confirm the manifest's authenticity."
Endahl said in his company 's news release that "under the hood, the DEP and MDM implementations involve many moving parts, and the bootstrapping process exposes vulnerabilities when a device is brought to a fully-provisioned state."
Apple's response? According to reports, Apple addressed the issue when notified by the researchers, in that the vulnerability was patched in macOS High Sierra 10.13.6.
googletag.cmd.push(function() googletag.display('div-gpt-ad-1453799284784-2'); );
Explore further:
Apple withdraws some China apps after malware found
shares
feedback to editors
© 2018 Tech Xplore
shares
feedback to editors
shares
shares
shares
feedback to editors
googletag.cmd.push(function() googletag.display('div-gpt-ad-1453799284784-3'); );
- Featured
- Last comments
- Popular
- Most shared
A new artificial neural network framework for gait based biometrics 23 hours ago
DeepMind sees promising AI results for data center cooling system Aug 20, 2018
Patent talk: Siri with personalized responses for nice support chops Aug 19, 2018
A light-weight and accurate deep learning model for audiovisual emotion recognition Aug 17, 2018
When ok is not ok: Security presenter talks about synthetic clicks Aug 17, 2018
A new artificial neural network framework for gait based biometrics 23 hours ago
DeepMind sees promising AI results for data center cooling system Aug 20, 2018
Patent talk: Siri with personalized responses for nice support chops Aug 19, 2018
A light-weight and accurate deep learning model for audiovisual emotion recognition Aug 17, 2018
When ok is not ok: Security presenter talks about synthetic clicks Aug 17, 2018
WPA3 security protocol will keep Wi-Fi connections safer
Researchers investigate potential threat to speech privacy via smartphone motion sensors
Cortana vulnerability has been patched
Firmware, blind spots flagged by Spectre attack research
Well, that was easy: Two-factor authentication hack feeds on phony e-mail
Amazon has mitigations so that Alexa does not turn into eavesdropper
F-Secure finds a way to hack older RFID based hotel key locks
Princeton's tech watchers shine glaring light on web tracking, data slurping
PowerHammer is wake-up call to data-stealing through power lines
Internet to TLS 1.3: Where have you been all my life
WPA3 security protocol will keep Wi-Fi connections safer
WPA3 security protocol will keep Wi-Fi connections safer
WPA3 security protocol will keep Wi-Fi connections safer
Researchers investigate potential threat to speech privacy via smartphone motion sensors
Researchers investigate potential threat to speech privacy via smartphone motion sensors
Researchers investigate potential threat to speech privacy via smartphone motion sensors
Cortana vulnerability has been patched
Cortana vulnerability has been patched
Cortana vulnerability has been patched
Firmware, blind spots flagged by Spectre attack research
Firmware, blind spots flagged by Spectre attack research
Firmware, blind spots flagged by Spectre attack research
Well, that was easy: Two-factor authentication hack feeds on phony e-mail
Well, that was easy: Two-factor authentication hack feeds on phony e-mail
Well, that was easy: Two-factor authentication hack feeds on phony e-mail
Amazon has mitigations so that Alexa does not turn into eavesdropper
Amazon has mitigations so that Alexa does not turn into eavesdropper
Amazon has mitigations so that Alexa does not turn into eavesdropper
F-Secure finds a way to hack older RFID based hotel key locks
F-Secure finds a way to hack older RFID based hotel key locks
F-Secure finds a way to hack older RFID based hotel key locks
Princeton's tech watchers shine glaring light on web tracking, data slurping
Princeton's tech watchers shine glaring light on web tracking, data slurping
Princeton's tech watchers shine glaring light on web tracking, data slurping
PowerHammer is wake-up call to data-stealing through power lines
PowerHammer is wake-up call to data-stealing through power lines
PowerHammer is wake-up call to data-stealing through power lines
Internet to TLS 1.3: Where have you been all my life
Internet to TLS 1.3: Where have you been all my life
Internet to TLS 1.3: Where have you been all my life
googletag.cmd.push(function() googletag.display('div-gpt-ad-1453799284784-1'); );
Related Stories
More efficient security for cloud-based machine learning
Google clarifies location-tracking policy
DefCon presenters explore programmer de-anonymization, stylistic fingerprints
Intel processor vulnerability could put millions of PCs at risk
Tencent Blade Team pair talk about smart speaker hack
Google tracks your movements, like it or not
Researchers showed remote style hack for new Macs
Researchers help close security hole in popular encryption software
Holding law enforcement accountable for electronic surveillance
Using machine learning to detect software vulnerabilities
Apps make it easy for domestic abusers to spy
Team suggests a way to protect autonomous grids from potentially crippling GPS spoofing attacks
Researcher blogged about workaround for Apple OS update's USB Restricted Mode
Privacy conversation turns to enabling smart TV tracking services
Is your smartphone spying on you?
Calling Android: Researchers see if Rowhammer-based exploits still possible
More efficient security for cloud-based machine learning
Google clarifies location-tracking policy
DefCon presenters explore programmer de-anonymization, stylistic fingerprints
Intel processor vulnerability could put millions of PCs at risk
Tencent Blade Team pair talk about smart speaker hack
Google tracks your movements, like it or not
Researchers showed remote style hack for new Macs
Researchers help close security hole in popular encryption software
More efficient security for cloud-based machine learning
Google clarifies location-tracking policy
DefCon presenters explore programmer de-anonymization, stylistic fingerprints
Intel processor vulnerability could put millions of PCs at risk
Tencent Blade Team pair talk about smart speaker hack
Google tracks your movements, like it or not
Researchers showed remote style hack for new Macs
Researchers help close security hole in popular encryption software
More efficient security for cloud-based machine learning
Google clarifies location-tracking policy
DefCon presenters explore programmer de-anonymization, stylistic fingerprints
Intel processor vulnerability could put millions of PCs at risk
Tencent Blade Team pair talk about smart speaker hack
Google tracks your movements, like it or not
Researchers showed remote style hack for new Macs
Researchers help close security hole in popular encryption software
More efficient security for cloud-based machine learning
Google clarifies location-tracking policy
DefCon presenters explore programmer de-anonymization, stylistic fingerprints
Intel processor vulnerability could put millions of PCs at risk
Tencent Blade Team pair talk about smart speaker hack
Google tracks your movements, like it or not
Researchers showed remote style hack for new Macs
Researchers help close security hole in popular encryption software
Holding law enforcement accountable for electronic surveillance
Using machine learning to detect software vulnerabilities
Apps make it easy for domestic abusers to spy
Team suggests a way to protect autonomous grids from potentially crippling GPS spoofing attacks
Researcher blogged about workaround for Apple OS update's USB Restricted Mode
Privacy conversation turns to enabling smart TV tracking services
Is your smartphone spying on you?
Calling Android: Researchers see if Rowhammer-based exploits still possible
Holding law enforcement accountable for electronic surveillance
Using machine learning to detect software vulnerabilities
Apps make it easy for domestic abusers to spy
Team suggests a way to protect autonomous grids from potentially crippling GPS spoofing attacks
Researcher blogged about workaround for Apple OS update's USB Restricted Mode
Privacy conversation turns to enabling smart TV tracking services
Is your smartphone spying on you?
Calling Android: Researchers see if Rowhammer-based exploits still possible
Holding law enforcement accountable for electronic surveillance
Using machine learning to detect software vulnerabilities
Apps make it easy for domestic abusers to spy
Team suggests a way to protect autonomous grids from potentially crippling GPS spoofing attacks
Researcher blogged about workaround for Apple OS update's USB Restricted Mode
Privacy conversation turns to enabling smart TV tracking services
Is your smartphone spying on you?
Calling Android: Researchers see if Rowhammer-based exploits still possible
Holding law enforcement accountable for electronic surveillance
Using machine learning to detect software vulnerabilities
Apps make it easy for domestic abusers to spy
Team suggests a way to protect autonomous grids from potentially crippling GPS spoofing attacks
Researcher blogged about workaround for Apple OS update's USB Restricted Mode
Privacy conversation turns to enabling smart TV tracking services
Is your smartphone spying on you?
Calling Android: Researchers see if Rowhammer-based exploits still possible
User comments
Please sign in to add a comment.
Registration is free, and takes less than a minute.
Read more
Click here to reset your password.
Sign in to get notified via email when new comments are made.
Please sign in to add a comment.
Registration is free, and takes less than a minute.
Read more
Click here to reset your password.
Sign in to get notified via email when new comments are made.
Please sign in to add a comment.
Registration is free, and takes less than a minute.
Read more
Click here to reset your password.
Sign in to get notified via email when new comments are made.
Tech Xplore
Science X
Tech Xplore
Science X
Tech Xplore
- Business
- Computer Sciences
- Consumer & Gadgets
- Energy & Green Tech
- Engineering
- Hardware
- Hi Tech & Innovation
- Internet
- Other
- Robotics
- Security
- Semiconductors
- Software
- Telecom
Science X
Sign in with your Facebook or Google+ account
Not a member? Register
- Profile
- Newsletter
- Favorites
- Activity
- PM
- My news
- Sign out
Sign in with your Facebook or Google+ account
Not a member? Register
- Profile
- Newsletter
- Favorites
- Activity
- PM
- My news
- Sign out
Sign in with your Facebook or Google+ account
Not a member? Register
- Profile
- Newsletter
- Favorites
- Activity
- PM
- My news
- Sign out
Sign in with your Facebook or Google+ account
Not a member? Register
- Profile
- Newsletter
- Favorites
- Activity
- PM
- My news
- Sign out
Sign in with your Facebook or Google+ account
Not a member? Register
Forget password?
Sign in with your Facebook or Google+ account
Not a member? Register
- Top
- Home
- Search
- Mobile version
- Help
- FAQ
- About
- Contact
- Science X Account
- Sponsored Account
- Newsletter
- RSS feeds
- Android app
- iOS app
Privacy Policy
Terms of Use
- Top
- Home
- Search
- Mobile version
- Help
- FAQ
- About
- Contact
- Science X Account
- Sponsored Account
- Newsletter
- RSS feeds
- Android app
- iOS app
Privacy Policy
Terms of Use
Privacy Policy
Terms of Use
Privacy Policy
Terms of Use
Clash Royale CLAN TAG#URR8PPP
User comments
Please sign in to add a comment.
Registration is free, and takes less than a minute.
Read more
Click here to reset your password.
Sign in to get notified via email when new comments are made.