Researchers with Immersive Labs have disclosed a vulnerability bug in SureMDM, a popular mobile device management platform, which could lead to compromises on every device running the platform within the targeted enterprise. The issue included a lack of default authentication between the agent running the host and the server where attacks could potentially register fake devices and intercept job regquests containing sensitive data.
Saumitra Das, CTO and Cofounder, Blue Hexagon had this to day.
“This is reminiscent of the Kaseya attack where organizations were compromised by a third-party software system used for IT management. There is always a tradeoff between ease of onboarding or ease of use and cybersecurity. Systems are often deployed with defaults that allow for quick deployment and onboarding of users but leave holes like this open that can then be exploited by attackers. After the Solarwinds and Kaseya attacks, organizations should be very circumspect of how much privilege third-party software has inside their networks.”
The majority of these issues have been mitigated. Which means that you should install any and all updates to protect yourself if you run SureMDM. But those running the Linux client are still vulnerable. And there is a proof of concept from Immersive Labs inbound to demonstrate the issue. Which means you’ll have to update that when patches become available.
Researchers Disclose Serious Vulnerabilities In SureMDM
Posted in Commentary with tags Security, SureMDM on February 2, 2022 by itnerdResearchers with Immersive Labs have disclosed a vulnerability bug in SureMDM, a popular mobile device management platform, which could lead to compromises on every device running the platform within the targeted enterprise. The issue included a lack of default authentication between the agent running the host and the server where attacks could potentially register fake devices and intercept job regquests containing sensitive data.
Saumitra Das, CTO and Cofounder, Blue Hexagon had this to day.
“This is reminiscent of the Kaseya attack where organizations were compromised by a third-party software system used for IT management. There is always a tradeoff between ease of onboarding or ease of use and cybersecurity. Systems are often deployed with defaults that allow for quick deployment and onboarding of users but leave holes like this open that can then be exploited by attackers. After the Solarwinds and Kaseya attacks, organizations should be very circumspect of how much privilege third-party software has inside their networks.”
The majority of these issues have been mitigated. Which means that you should install any and all updates to protect yourself if you run SureMDM. But those running the Linux client are still vulnerable. And there is a proof of concept from Immersive Labs inbound to demonstrate the issue. Which means you’ll have to update that when patches become available.
Leave a comment »