
Black Hat USA briefing indicates possible set-up exploits in enterprise-level Macs

A team of researchers has found that it is possible to compromise a Mac during its initial boot. (Source: CGTrader)
Macs are more or less impervious to hacking, right? Not any more, according to two cybersecurity researchers during a briefing at the Black Hat USA Conference 2018. However, the attacks involved are difficult to achieve and need to be launched at very specific times during the computer's set-up.

The Black Hat Conference took place in Las Vegas this year. It included a presentation in which two researchers, Jesse Endahl from the company Fleetsmith and Max Bélanger from Dropbox, outlined how popular set-up methods for Apple Macs can be exploited for malicious purposes.

Essentially, Endahl and Bélanger have identified a bug in the Mobile Device Management (MDM) and Device Enrollment Program (DEP) tools that could leave room for a man-in-the-middle (MitM) attack. This MitM attack could give a third party access to a Mac during its set-up. Normally, MDM and DEP are very well-secured in the course of this process through techniques such as certificate pinning. They need to be, as they allow Apple to farm MDM out to companies such as Fleetsmith so that enterprise customers can set up their Macs by themselves on delivery.

However, Endahl and Bélanger found that a step in which the MDM connects to the Mac App Store to download software was not protected by pinning. Therefore, an MitM standing between the online resources of the MDM vendor in question and the device could redirect this download to one containing malware instead.

On the other hand, the researchers stressed that inserting the MitM in the right 'position' was incredibly difficult to pull off. In addition, the attack requires versions of macOS older than 10.13.6; however, companies such as Fleetsmith still rely on such a version for MDM provision. Endahl also reported that Apple, as well as his own employer, had been informed of this issue. Therefore, it will hopefully be addressed soon.

Deirdre O Donnell, 2018-08-14 (Update: 2018-08-14)