Malicious MDM: Exploiting iOS MobileConfigs for Device Control

Explore the potential security risks of Mobile Device Management (MDM) in this OWASP AppSec California 2015 conference talk. Delve into the basics of MDM functionality and learn how attackers can exploit Apple's MDM service to gain control over iOS devices. Discover techniques for deploying malicious MDM configurations and leveraging company phones to access internal networks. Gain insights into protecting your business from rogue MDM profiles and understand the implications of various MDM architectures, including client-server models and enrollment methods. Examine post-deployment exploitation techniques, such as wireless attacks and application vulnerabilities. Learn about preventive measures and best practices for securing mobile devices in corporate environments.

IOS users Scan to Connect to the AppSec California Wireless Network Open the URL in Safari
Architectures: - Client Server Model - Email/URL/Application enrollment -One Time Application Profiles typically deployed from
Direct USB Connection -iPhone Configuration Utility
Post Deployment Exploitation -Wireless Attack
Post Deployment Exploitation -Application Attacks Custom Applications
Post Deployment Exploitation -So you have credentials... Single Factor VPN (PPTP) - Internet facing authentication
Preventions -Start with clean phones, then