Mobile Threat Catalogue

MDM Impersonation


Threat Category: Enterprise Mobility


Threat Description: An adversary could impersonate the EMM/MDM server to an enrolled device to execute unauthorized actions, such as triggering a device wipe or installing a malicious MDM profile.

Threat Origin

Mobile Device Mismanagement 1

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures

Mobile App Developer

Design on-device agents to only accept MDM administrative commands during secure communication with a trusted EMM server (e.g. during a TLS session).


Consider the use of EMM/MDM products that use digital signatures to allow the on-device agent to perform validation of the source and the integrity of device management messages.


  1. S. Breen, Mobile Device Mismanagement, presented at Blackhat, Aug. 2014; [accessed 8/23/2016]