Hackers breached MDM firm Mobile Guardian and wiped thousands of devices

Pierluigi Paganini August 07, 2024

Threat actors breached the UK-based mobile device management (MDM) firm Mobile Guardian and remotely wiped thousands of devices.

Hackers breached the mobile device management (MDM) firm Mobile Guardian. The company detected unauthorized access to iOS and ChromeOS devices on August 4th.

The incident impacted users globally, and the attackers remotely wiped a small percentage of devices, according to the company.

The Ministry of Education (MOE) in Singapore confirmed that the incident heavily impacted students in the country. Some students who use iPads or Chromebooks as personal learning devices claimed they were unable to access their applications and information stored on their devices.

“Based on preliminary checks, about 13,000 students in Singapore from 26 secondary schools had their devices wiped remotely by the perpetrator. There is currently no evidence that the perpetrator had accessed user files.” reported the MOE. “As a precautionary measure, MOE will remove the Mobile Guardian Device Management Application from all iPads and Chromebooks”

In response to the incident, Mobile Guardian halted its servers to prevent further disruption and launched an investigation into the security breach. At the time of this writing, the company stated that there was no evidence that the attackers had access to user data. The company added that this incident is not linked to a separate configuration error that occurred on July 30th and affected iPads in Singapore.

“Currently our investigation indicates that Mobile Guardian experienced a security incident that affected users globally, including on the North America, European, and Singapore instances.” reads a statement published by the company. “This resulted in a small percentage of devices to be unenrolled from Mobile Guardian and their devices wiped remotely. There is no evidence to suggest that the perpetrator had access to users’ data.”

It’s unclear whether the hack was casual or the result of an extortion attempt carried out by a financially motivated attacker.
