Black Box Version 1.0 Manual de usuario descargar pdf (Pagina 21)

Overwrite MDM Profile

• Can’t install profile on locked device

• Can install when device unlocked

• If you reinstall the MDM profile....

• ....it re-enrolls in MDM.

• Which sends a new UnlockToken

Evil Maid Attack

1. Get device to talk to your sever

2. Install copy of MDM profile

3. Receive new UnlockToken

4. Send ClearPasscode

5. Copy device, leave

As I was ﬁnishing up the ﬁrst draft of these slides, I was testing some

limitations of proﬁle installation. And accidentally installed the MDM

proﬁle (instead of the proﬁle I used in the demo). Imagine my shock

when I saw new tokens appear in my debug window.

The “Evil Maid” attack has been known for some years now. It

exempliﬁes the dangers associated with physical access to a device -- if

you can touch it, you can own it. In the traditional attack, a bribed hotel

maid (or someone disguised as one) boots a computer using full disk

encryption from a USB fob, installing malware to the root partition / boot

sector. That malware eventually collects the password to decrypt the

drive, providing the attacker with access to the data. This is simply an

iOS version of the attack, using MDM as the main attack vector.

1 2 ... 16 17 18 19 20 21 22 23 24 25 26 ... 30 31

Sin comentarios

Black Box Version 1.0 Manual de usuario Pagina 21