• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Android Malware Konfety evolves with ZIP manipulation and dynamic loading

 | 

Belk hit by May cyberattack: DragonForce stole 150GB of data

 | 

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

 | 

FBI seized multiple piracy sites distributing pirated video games

 | 

An attacker using a $500 radio setup could potentially trigger train brake failures or derailments from a distance

 | 

Interlock ransomware group deploys new PHP-based RAT via FileFix

 | 

Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

 | 

Experts uncover critical flaws in Kigen eSIM technology affecting billions

 | 

Spain awarded €12.3 million in contracts to Huawei

 | 

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

 | 

Wing FTP Server flaw actively exploited shortly after technical details were made public

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

 | 

Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

McDonald’s job app exposes data of 64 Million applicants

 | 

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

 | 

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

 | 

UK NCA arrested four people over M&S, Co-op cyberattacks

 | 

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

 | 

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Hacking
  • Mobile
  • Security
  • SideStepper method allows to infect iOS devices via MDM Solutions

SideStepper method allows to infect iOS devices via MDM Solutions

Pierluigi Paganini April 01, 2016

SideStepper is a method to install malicious apps on iOS devices by abusing the mobile device management (MDM) solutions.

Security researchers from the Check Point firm have devised a method to install a malicious code on iOS devices by abusing the mobile device management (MDM) solutions used by many enterprises.

The technique relies on a vulnerability dubbed by the experts SideStepper, but that Apple considers it as a normal behavior.

“SideStepper is a vulnerability that allows an attacker to circumvent security enhancements in iOS 9 meant to protect users from installing malicious enterprise apps. These enhancements require the user to take several steps in device settings to trust an enterprise developer certificate, making it harder to install a malicious app accidentally.” state the blog post published by Check Point.

Apple allows enterprises to distribute internally-used apps through a Developer Enterprise Program instead passing through the App Store. In order to install the apps, enterprises need to use certificates signed by Apple.

The program allows organizations to install internal apps on employee devices using enterprise certificates signed by Apple.

However, hackers have abused in several circumstances of digital certificates so Apple introduced new security enhancements in iOS 9.

“These enhancements require the user to take several steps in device settings to trust an enterprise developer certificate, making it harder to install a malicious app accidentally.” States the CheckPoint firm.

SideStepper technique

MDM solutions are used by enterprises to easily manage mobile devices used by employees. MDM allows the easy management of any aspect of the mobile devices, including installing apps, deployment of security policies, and remotely wipe phones.

Experts at CheckPoint firm highlighted that threat actors can launch a man-in-the-middle (MitM) attack against the MDM solution to allow the installation of malicious enterprise apps over-the-air, this is possible because Apple gives apps installed using MDMs the possibility to bypass security measures.

Malicious MDM-distributed apps can be abused by using the following process:

  1. Install a malicious iOS configuration profile. This is a native way to distribute a set of configuration settings like networking, security settings, root CAs, and more. A threat actor can craft a configuration profile that will install a root CA and route traffic through a VPN or a proxy to a malicious server, and then initiate a MitM attack. This configuration could be deployed using phishing attack.
  2. Set up a remote enterprise app server to serve the malicious app.
  3. Wait for a command to be sent to an iOS device by an MDM: then, using a MitM attack, intercept and replace the command with a request to install a malicious app. The iOS device will fetch from the remote enterprise app server and install it.
  4. Execute commands using the malicious enterprise app which, because of the method used to install it, does not require explicit user trust. This means that users will not be able to distinguish between a legitimate enterprise app, an App Store app, or a bogus app installed by a threat actor.

Basically, the attackers could intercept the command sent by the MDM to the devices and replace it with a request to install a malicious app. The operation doesn’t need user’s interaction making hard to discover the attack.

The SideStepper technique could be used to infect Apple devices and control them with a malicious code.

CheckPoint suggests enterprises to carefully assess the risk of malicious applications on mobile devices.

Experts from CheckPoint will present the SideStepper method at the Black Hat Asia conference Today.

Pierluigi Paganini

Security Affairs –  (SideStepper, Apple iOS)


facebook linkedin twitter

Apple iOS Hacking iOS malware man-in-the-middle MDM mobile mobile app SideStepper

you might also like

Pierluigi Paganini July 15, 2025
Android Malware Konfety evolves with ZIP manipulation and dynamic loading
Read more
Pierluigi Paganini July 15, 2025
Belk hit by May cyberattack: DragonForce stole 150GB of data
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Android Malware Konfety evolves with ZIP manipulation and dynamic loading

    Malware / July 15, 2025

    Belk hit by May cyberattack: DragonForce stole 150GB of data

    Data Breach / July 15, 2025

    North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

    Hacking / July 15, 2025

    FBI seized multiple piracy sites distributing pirated video games

    Cyber Crime / July 15, 2025

    An attacker using a $500 radio setup could potentially trigger train brake failures or derailments from a distance

    Hacking / July 15, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT