Knowledgebase
SideStepper iOS Vulnerability
Posted by Tom Walker on 04 April 2016 01:51 PM

To take control of a device, the SideStepper vulnerability requires some end-user acceptance, unique positioning to perform a man-in-the-middle attack, and knowledge of iOS mobile device management (MDM) profiles.

At Notify Technology, we believe that our architecture helps you identify these types of attacks and prevent them from being successful on our managed iOS devices. First, NotifyMDM Compliance Manager can detect the installation of any 'unmanaged profiles.' In other words, if the end user is tricked into installing a profile that has not been approved by the enterprise, NotifyMDM can alert both the user and the Administrator of its presence. Second, NotifyMDM's Compliance Manager can disable managed applications to avoid any further attack.

In addition to the profile setting above, NotifyMDM is also vigilant in protecting the MDM profile data and communications at a much lower level on the device. Notify Technology has taken steps to ensure that the profiles distributed to the device are signed and encrypted in transit from our management console to the end user's device when that device is first enrolled in NotifyMDM.

Notify Technology recommends following these steps to help ensure that your mobile enterprise environment is secure against this attack vector.

  1. Educate your end users on how you will distribute profiles to mobile devices. If your company has a practice of notifying users through a certain communication channel (email, SMS, etc.), remind the employees about that channel and provide guidance on what to look for with regard to official communication. The more knowledge you can provide about scams and phishing attacks, the smarter your employees will be about mobile threats.
  2. Confirm within the NotifyMDM Compliance Manager that the restriction “Restrict if iOS unmanaged configuration profile is on device” is set. You may also want to enable the corresponding “Managed Apps” restriction to disallow apps from being pushed to a compromised device.
  3. Encourage employees to report suspicious applications or profiles that may appear on their devices.