Mobile Threat Catalogue

Improper Tenant Segmentation


Threat Category: Enterprise Mobility

ID: EMM-1

Threat Description: A user of one organization’s EMM instance is able to access information from another organization’s EMM instance.

Threat Origin

New VMSA-2014-0014 - AirWatch by VMWare Product Update Addresses Information Disclosure Vulnerabilities [1]

Exploit Examples

New VMSA-2014-0014 - AirWatch by VMWare Product Update Addresses Information Disclosure Vulnerabilities [1]

CVE Examples

Possible Countermeasures

Enterprise

To avoid this threat, deploy on-premises instances of EMM solutions when possible.

To further reduce the potential impact of unauthorized access to account and device data, configure the EMM solution to capture and store the minimum amount of device, user, and activity data as required to meet your broader mobile device security goals.

To further reduce the potential impact of unauthorized access to account and device data, dissociate or anonymize the data provided to the EMM service as much as possible (e.g., map enterprise or personal identities to aliases provisioned within the EMM solution).

To reduce the time to detection of unauthorized access to EMM administrative accounts, configure the EMM solution to audit system access and administrative actions, and establish procedures to review recent activity for indications of unauthorized access.

To reduce the potential for an attacker to activate sensitive EMM functionality, such as remote wiping of enrolled devices, configure the EMM solution to require authorization by multiple administrators before such actions will execute.
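
The alias-mapping countermeasure above, shown as an added example that is not part of the catalogue or of any EMM product: identities are replaced with keyed aliases before enrollment data leaves the enterprise, so a cross-tenant disclosure exposes only aliases. The names `AliasDirectory` and `enrollment_record`, the record fields, and the sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets


class AliasDirectory:
    """Enterprise-side mapping between real identities and EMM aliases (hypothetical helper)."""

    def __init__(self, key: bytes, prefix: str = "u-"):
        self._key = key        # secret stays inside the enterprise, never sent to the EMM
        self._prefix = prefix
        self._reverse = {}     # alias -> identity; in-memory here, persisted on-premises in practice

    def alias_for(self, identity: str) -> str:
        # Normalise so differently cased spellings of one identity share one alias.
        canonical = identity.strip().lower()
        digest = hmac.new(self._key, canonical.encode("utf-8"), hashlib.sha256).hexdigest()
        alias = self._prefix + digest[:16]
        # Refuse to hand out one alias for two different identities.
        if self._reverse.setdefault(alias, canonical) != canonical:
            raise ValueError("alias collision; use a longer alias")
        return alias

    def resolve(self, alias: str) -> str:
        """Map an alias seen in EMM reports back to the real identity (enterprise side only)."""
        return self._reverse[alias]


def enrollment_record(directory: AliasDirectory, user_email: str,
                      device_serial: str, os_version: str) -> dict:
    """Build the record handed to the EMM: aliases plus the minimum fields needed."""
    return {
        "user": directory.alias_for(user_email),
        "device": directory.alias_for("device:" + device_serial),
        "os_version": os_version,
    }


def demo():
    # Constructed sample values, not taken from any real deployment.
    directory = AliasDirectory(key=secrets.token_bytes(32))
    record = enrollment_record(directory, "Alice.Smith@example.com",
                               "SN-CONSTRUCTED-0001", "17.4")
    return directory, record


if __name__ == "__main__":
    print(demo()[1])
```

Because the alias is an HMAC under an enterprise-held key, another tenant that obtains the record cannot recompute or reverse it by hashing guessed e-mail addresses.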

References

  1. “New VMSA-2014-0014 - AirWatch by VMWare Product Update Addresses Information Disclosure Vulnerabilities”, 10 Dec. 2014; http://seclists.org/fulldisclosure/2014/Dec/44 [accessed 8/29/2016]