An obscure flaw in Apple’s Device Enrollment Program (DEP) may make it possible for determined hackers to access enterprise networks, though the solution is quite straightforward.
Serial number spoofing
Duo Security researchers say they’ve figured out how to enrol a rogue device onto an enterprise’s MDM system, if the business has failed to enable authentication on devices enrolled on the system.
To make this work, attackers need to get hold of the valid serial number for an Apple device that is registered to Apple’s Device Enrolment Program (DEP), but not yet set-up on the company’s MDM server, they said.
To read this article in full, please click here