Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

SideStepper vulnerability in iOS 9 endangers companies that use MDM to distribute apps


Apple's iOS 9 added safeguards for businesses to help prevent employees from downloading malicious software posing as legitimate enterprise apps, but researchers now warn that the use of mobile device management (MDM) technology within companies opens up a loophole in these protections.

According to a new research report from Check Point Software Technologies, MDM solutions, which allow companies to distribute software to employees' mobile devices en masse across its enterprise, pose a threat to device-holders if MDM communications via iOS are successfully hijacked by bad actors. This vulnerability has been assigned the nickname SideStepper.

To pull off a SideStepper scam, an attacker would first trick an employee into installing a malicious configuration file by clicking on a link in a phishing email, SMS text message or instant message. This newly created profile then sets the stage for a Man-in-the-Middle attack, whereby device-holders think they've received an over-the-air app download on their devices from corporate IT, when it's actually a malicious enterprise app sent from cybercriminals who have hijacked the MDM exchange.

A malicious enterprise app could allow bad actors to completely take over the phone, endangering not only the device-holder but potentially the enterprise if confidential or sensitive documents, files or contacts are impacted. The criminals could potentially capture screenshots, even those captured inside secure containers, as well as record keystrokes.

Normally under iOS 9, a user who downloads an enterprise app on his device must first as a precaution go through a series of settings screens to verify the app's developer before actually executing the program. But MDM solutions skip these steps for the sake of expediency and efficient business workflow—“so iOS natively trusts any app installed by MDM solutions,” the report explains. “In fact, an app installed by an MDM will not show any indication of its origin.”

Furthermore, the app download and approval process looks exactly the same regardless of which MDM solution a company is using, making it easy for cybercriminals to convincingly spoof the process, as no special customization is necessary.

“The issue is not with the MDM companies,” said Michael Shaulov, Head of Mobility Product Management at Check Point Software Technologies, in an interview with “The [MDM] communication API is not developed by the various MDM developers. It's actually something provided by Apple, so Apple is responsible” for correct this flaw. CheckPoint informed Apple of this vulnerability in late 2015 and it is not known when the company will address it. has reached out to Apple for comment. In the meantime, said, Shaulov, businesses can help themselves by coupling their MDM solutions with a proven mobile threat intelligence solution.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.