How some business Macs could get hacked right out of the box

A new report from Wired reveals a common vulnerability in Macs that can be exploited through the DEP and MDM platforms.

Despite Apple's supply chain being among the most closely monitored and analyzed in the world, its devices are not immune to all potential hacks. According to a report from Wired, it's possible that a brand new Mac could be remotely compromised the first time it connects to Wi-Fi out of the box.

Such attacks were demonstrated Thursday during the Black Hat security conference, according to the report. The attacks target enterprise devices that use Apple's Device Enrollment Program (DEP) and its Mobile Device Management (MDM) platform.

These tools, according to the report, allow corporate users to go through their company's customized IT setup themselves, regardless of their physical location. Ideally, this would allow companies to ship Macs to their employees directly, and the devices would automatically join the corporate ecosystem after they connect to Wi-Fi, the report noted.

According to the report, the bug was discovered by researchers Jesse Endahl, the chief security officer of Fleetsmith, and Max Bélanger, a staff engineer at Dropbox. An attack on DEP and MDM would require a lot of access, the report noted. When the researchers discovered a bug in these tools, they realized they could exploit it to gain remote access.

Apple has been made aware of the issue and has since released a version of macOS High Sierra to fix the bug, the report noted. However, machines running an outdated OS are still vulnerable to the attack. IT helpdesk pros who manage Mac devices should patch them as soon as possible.

According to the report, when a Mac's serial number is enrolled in DEP and MDM, it will automatically run a series of checks—both with Apple's servers and the MDM vendor's servers. Researchers found the issue arises in one key step of the process.

A hacker, the report noted, could lurk between the MDM web server and the victim's device and replace the download manifest with a malicious one that forces the computer to install malware instead.

The big takeaways for tech leaders:

  • New reporting from Wired reveals that enterprise Macs equipped with DEP and MDM are susceptible to numerous attacks as soon as they are connected to Wi-Fi.
  • Apple has taken steps to address the issue in the newly updated High Sierra 10.13.6, but machines that haven't been updated are still susceptible.

About Laurel Deppen

Laurel Deppen is a student at Western Kentucky University.