Mobile Threat Catalogue

MDM Impersonation

Threat Category: Enterprise Mobility

ID: EMM-3

Threat Description: An adversary could impersonate the EMM/MDM server to an enrolled device to execute unauthorized actions, such as triggering a device wipe or installing a malicious MDM profile.

Threat Origin

Mobile Device Mismanagement [1]

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures

Mobile App Developer

Design on-device agents to accept MDM administrative commands only during secure communication with a trusted EMM server (e.g., during a TLS session).

Enterprise

Consider the use of EMM/MDM products that use digital signatures to allow the on-device agent to perform validation of the source and the integrity of device management messages.
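The signature check described in the Enterprise countermeasure, sketched as an added example (not part of the catalogue or of any EMM product). The `Command` format, the `Agent` type, the choice of Ed25519 and the per-device counter are assumptions; the counter goes beyond the text to show that a signed command also needs replay protection.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Command is a constructed message format, not any EMM product's wire format.
type Command struct {
	DeviceID string `json:"device_id"`
	Action   string `json:"action"`
	Counter  uint64 `json:"counter"` // assumed: strictly increasing per device
}

// Agent is a hypothetical on-device agent holding the EMM key pinned at enrollment.
type Agent struct {
	DeviceID    string
	ServerKey   ed25519.PublicKey
	LastCounter uint64
}

// Accept verifies the signature over the raw bytes before parsing or acting on them.
func (a *Agent) Accept(raw, sig []byte) (*Command, error) {
	if len(a.ServerKey) != ed25519.PublicKeySize || !ed25519.Verify(a.ServerKey, raw, sig) {
		return nil, fmt.Errorf("signature does not match pinned EMM key")
	}
	var c Command
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	if c.DeviceID != a.DeviceID {
		return nil, fmt.Errorf("command addressed to another device")
	}
	if c.Counter <= a.LastCounter { // a captured, validly signed command must not run twice
		return nil, fmt.Errorf("replayed or stale command")
	}
	a.LastCounter = c.Counter
	return &c, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed EMM server key pair
	_, rogue, _ := ed25519.GenerateKey(nil)  // impersonator's own key
	a := &Agent{DeviceID: "dev-1", ServerKey: pub}
	raw := []byte(`{"device_id":"dev-1","action":"wipe","counter":1}`)
	_, bad := a.Accept(raw, ed25519.Sign(rogue, raw))
	_, ok := a.Accept(raw, ed25519.Sign(priv, raw))
	fmt.Println("impersonated:", bad, "| genuine:", ok)
}
```

Because the signature covers the exact bytes that are later parsed, a command altered in transit fails verification even when the transport session itself was compromised.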

References

  1. S. Breen, Mobile Device Mismanagement, presented at Blackhat, Aug. 2014; www.blackhat.com/docs/us-14/materials/us-14-Breen-Mobile-Device-Mismanagement.pdf [accessed 8/23/2016]