What are the implications?
What this means in practice is that admins must authenticate using a non-federated Apple Account sign-in protected by Apple's two-factor authentication (typically a code delivered to a trusted device, or to a trusted phone number by SMS or voice call). That's weird; it means the key accounts that manage protection for sometimes thousands of devices are still only protected by a six-digit SMS code sent to a specified phone number. We know that SMS authentication is risky, with three well-known attack paths:
- SIM swapping, where an attacker contacts your cellular carrier posing as you and convinces them to transfer your phone number to a SIM in their control. Once that happens, all your SMS codes go to them.
- Phishing, such as a fake login page that acts normally but intercepts your SMS code once you enter it, capturing and immediately using it to attack your actual account.
- Interception, in which sophisticated, usually nation-state-adjacent attackers exploit the known vulnerabilities of SMS to intercept messages in transit.
While it is true that most small and mid-size businesses probably don't need to worry about the third attack, and the second can be mitigated by never following a link in an email to reach key accounts, the first sits well within the reach of determined attackers.
A hole in the bucket
The consequences of a successful attack can be serious. Equipped with a compromised ABM account, an attacker could reassign enrolled devices to an MDM server they control, wipe devices, or push malicious apps, profiles, or configurations to your devices. Those outcomes are, shall we say, sub-optimal.
I’m certain Apple has thought about this. It has, after all, introduced a range of security protections for all its devices, including managed devices. But in this case, it’s left things a little exposed. That weakness is made more critical because Apple’s system permits just a small number of administrators for each ABM setup, regardless of company size.