IOS 10.3 and higher add an additional step for users to install new trusted CA certificates to make it more difficult to trick users into installing them. Zen can modify the SELinux enforcement mode. XLoader for iOS has been installed via a malicious configuration profile. Windshift has installed malicious MDM profiles on iOS devices as part of Operation ROCK. SilkBean has attempted to trick users into enabling installation of applications from unknown sources. Mandrake can enable app installation from unknown sources and can disable Play Protect.
GoldenEagle has modified or configured proxy information. ĭvmap can enable installation of apps from unknown sources, turn off VerifyApps, and can grant Device Administrator permissions via commands only, rather than using the UI. If running on a Huawei device, Desert Scorpion adds itself to the protected apps list, which allows it to run with the screen off. Ĭerberus disables Google Play Protect to prevent its discovery and deletion in the future. Īnubis can modify administrator settings and disable Play Protect. The device could also potentially be enrolled into a malicious Mobile Device Management (MDM) system.
On iOS, malicious Configuration Profiles could contain unwanted Certification Authority (CA) certificates or other insecure settings such as unwanted proxy server or VPN settings to route the device's network traffic through an adversary's system. įor example, an unwanted Certification Authority (CA) certificate could be placed in the device's trusted certificate store, increasing the device's susceptibility to adversary-in-the-middle network attacks seeking to eavesdrop on or manipulate the device's network communication ( Eavesdrop on Insecure Network Communication and Manipulate Device Communication). The device user may be tricked into installing the configuration settings through social engineering techniques. An adversary could attempt to install insecure or malicious configuration settings on the mobile device, through means such as phishing emails or text messages either directly containing the configuration settings as an attachment, or containing a web link to the configuration settings.
0 kommentar(er)
