Mobile Threat Catalogue

Unauthorized Access to MDM Admin Console

Contribute

Threat Category: Enterprise Mobility

ID: EMM-2

Threat Description: Unauthorized access to EMM/MDM administrative console, for instance by exploiting EMM/MDM vulnerabilities.

Threat Origin

The Security of MDM Systems1

Exploit Examples

The Security of MDM Systems1

CVE Examples

Not Applicable

Possible Countermeasures

Enterprise

Ensure that strong authentication methods are enabled for access to the administrative console.

To prevent compromise of other administrator credentials from granting unauthorized access to EMM solutions, create distinct administrative credentials for EMM administrators.

Configure EMM solutions to use multi-factor authentication mechanisms for remote EMM/MDM administration sessions.

Audit administrative actions within EMM/MDM systems to enable detection of unauthorized access or actions

Employ application vetting processes on prospective EMM/MDM solutions to reduce the risk attackers can gain unauthorized access to administrative functions.

To prevent an attacker with unauthorized administrative access from activating sensitive features, such as remote full-wipe of devices, configure EMM solutions to with workflows that require authorization by multiple administrators prior to executing such actions.

To limit the functions available to an attacker with unauthorized administrative access, divide administrative responsibilities across distinct administrator roles or accounts.

References

  1. S. Andrivet, The Security of MDM systems, presented at Hack In Paris, 20 June 2013; https://hackinparis.com/data/slides/2013/MDM-HIP_2013.pdf [accessed 8/23/2016]  2