Hackers can abuse the iOS mobile device management protocol to deliver malware
Starting with iOS 9, Apple has tried to make it harder for attackers to trick users into installing unauthorized apps on their devices by abusing stolen enterprise certificates. However, it left one door open that attackers can still exploit: the protocol used by mobile device management products.
In a presentation at the Black Hat Asia security conference on Friday, researchers from Check Point Software Technologies will demonstrate that the communication between MDM products and iOS devices is susceptible to man-in-the-middle attacks and can be hijacked to install malware on non-jailbroken devices with little user interaction.
Apple’s tight control over the iOS App Store has made it hard, but not impossible, for attackers to infect iOS devices with malware.