Threat Category: Enterprise Mobility
ID: EMM-4
Threat Description: Insecure handling of sensitive user data (e.g., domain authentication credentials) by an EMM/MDM solution.
Threat Origin
Mobile Device Mismanagement [1]
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
Employ application vetting mechanisms on prospective EMM/MDM solutions to reduce the risk that sensitive data processed by the EMM/MDM is handled in an insecure fashion.
To reduce the impact of this threat, configure EMM solutions to capture only the minimum set of user and device data necessary to meet your broader mobile device security goals.
To limit the impact of the theft of credentials supplied to an EMM solution, configure user authentication from mobile devices to enterprise services to use one-time passwords or other replay-resistant cryptographic tokens.
References
[1] S. Breen, Mobile Device Mismanagement, presented at Blackhat, Aug. 2014; www.blackhat.com/docs/us-14/materials/us-14-Breen-Mobile-Device-Mismanagement.pdf [accessed 8/23/2016]