Threat Category: Enterprise Mobility
ID: EMM-3
Threat Description: An adversary could impersonate the EMM/MDM server to an enrolled device to execute unauthorized actions, such as triggering a device wipe or installing a malicious MDM profile.
Threat Origin
Mobile Device Mismanagement 1
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
Design on-device agents to only accept MDM administrative commands during secure communication with a trusted EMM server (e.g. during a TLS session).
Enterprise
Consider the use of EMM/MDM products that use digital signatures to allow the on-device agent to perform validation of the source and the integrity of device management messages.
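The signature countermeasure above, as an added example (not taken from the catalogue or from any EMM product): an on-device agent in Go that acts on a management message only if its Ed25519 signature verifies under a public key pinned at enrollment. The message fields, the choice of Ed25519 and the counter used to reject re-delivered messages are assumptions of this example, and the counter goes one step beyond the source and integrity check the countermeasure names.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Command is a constructed management message; field names are assumptions.
type Command struct {
	Action  string `json:"action"`
	Counter uint64 `json:"counter"` // strictly increasing, so old messages cannot be reused
}
// Agent holds the EMM public key pinned at enrollment and the last counter accepted.
type Agent struct {
	PinnedKey   ed25519.PublicKey
	LastCounter uint64
}
// Sign stands in for the genuine EMM server: it signs the exact bytes it sends.
func Sign(priv ed25519.PrivateKey, c Command) (payload, sig []byte) {
	payload, _ = json.Marshal(c)
	return payload, ed25519.Sign(priv, payload)
}
// Accept verifies source and integrity over the raw bytes before parsing them.
func (a *Agent) Accept(payload, sig []byte) error {
	var c Command
	if !ed25519.Verify(a.PinnedKey, payload, sig) {
		return fmt.Errorf("signature does not verify under pinned EMM key")
	}
	if err := json.Unmarshal(payload, &c); err != nil || c.Counter <= a.LastCounter {
		return fmt.Errorf("malformed or stale command")
	}
	a.LastCounter = c.Counter
	return nil
}
// Demo returns the agent's verdicts for four constructed messages.
func Demo() (genuine, stale, otherKey, altered error) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	_, unpinned, _ := ed25519.GenerateKey(nil) // a key the device never pinned
	agent := &Agent{PinnedKey: pub}
	p, s := Sign(priv, Command{Action: "lock", Counter: 1})
	// Same bytes delivered twice: the first is accepted, the second is stale.
	genuine, stale = agent.Accept(p, s), agent.Accept(p, s)
	otherKey = agent.Accept(Sign(unpinned, Command{Action: "wipe", Counter: 2}))
	p, s = Sign(priv, Command{Action: "lock", Counter: 2})
	p[0] ^= 1 // one bit changed in transit
	altered = agent.Accept(p, s)
	return
}
func main() { fmt.Println(Demo()) }
```

The signature is checked over the received bytes before they are parsed, so a message that fails verification never reaches the command handler.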
References
S. Breen, Mobile Device Mismanagement, presented at Blackhat, Aug. 2014; www.blackhat.com/docs/us-14/materials/us-14-Breen-Mobile-Device-Mismanagement.pdf [accessed 8/23/2016]