• Things you can’t do:
  – Install profile on locked device
  – Read installed profile details
    • List profiles gives meta-data only
  – Unlock token won’t work for desktop sync
    • Nor vice-versa
  – Make locked device re-send unlock token
There are a couple of very good points, though: You can’t install a
profile on a locked device (if there’s a passcode), nor can you induce a
locked device to resend you the unlock token. (Again, my theory is that
the token is a key to an escrow keybag, and once the device is locked,
such keys are wiped from memory, so it should be impossible for the
device to provide the unlock key when it’s locked.) Also, though MDM
can list the profiles installed on a device, it can’t actually read the
contents of those profiles. So it might see a profile named “Corporate
Email Settings,” but the details like the server name, user IDs,
passwords, etc., won’t be returned via the MDM call.