Researchers Disclose Serious Vulnerabilities In SureMDM
Researchers with Immersive Labs have disclosed a vulnerability in SureMDM, a popular mobile device management platform, which could lead to compromises on every device running the platform within the targeted enterprise. The issue included a lack of default authentication between the agent running on the host and the server, which attackers could potentially use to register fake devices and intercept job requests containing sensitive data.
Saumitra Das, CTO and Cofounder, Blue Hexagon had this to say.
“This is reminiscent of the Kaseya attack where organizations were compromised by a third-party software system used for IT management. There is always a tradeoff between ease of onboarding or ease of use and cybersecurity. Systems are often deployed with defaults that allow for quick deployment and onboarding of users but leave holes like this open that can then be exploited by attackers. After the Solarwinds and Kaseya attacks, organizations should be very circumspect of how much privilege third-party software has inside their networks.”
The majority of these issues have been mitigated, which means that you should install any and all updates to protect yourself if you run SureMDM. But those running the Linux client are still vulnerable, and there is a proof of concept from Immersive Labs inbound to demonstrate the issue. That means you'll have to update the Linux client when patches become available.
This entry was posted on February 2, 2022 at 8:25 am and is filed under Commentary with tags Security, SureMDM. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.