Description: Mobile Device Management (MDM) has become a hot topic as organizations are pressured to bring iStuff into their organization, especially as BYOD (Bring Your Own Device) gains steam. Mobile devices are invading every level of corporate society, making the need to remotely manage and control them increasingly urgent. Apple has provided some enterprise management features, first via over-the-air configuration profiles, and beginning in 2010, full MDM support. Unfortunately, the exact features availble through MDM are tightly controlled by Apple, as is the protocol itself.
This talk dissects how Apple MDM works. Starting with basic iOS configuration principles, the talk explores mobile config profiles generated by the iPhone Configuration Utility, over-the-air profile delivery, and eventually describes the key features and mechanisms behind MDM. Finally, we explore how to implement your own MDM server, which allows you to manage iOS devices using official device management APIs. You can wipe your device, and perform many other actions, using these custom MDM services. Finally, some bugs and vulnerabilities, as well as one interesting attack, are discussed.
Originally presented at Black Hat, this talk has been updated to include changes from iOS 5.x and other more recent discoveries.
David is a Senior Consultant with Intrepidus Group, where he's spouted off about RSA, supported large-scale iPad deployments, and found obscure bugs in Apple's MDM system. He's been fortunate enough to present at ShmooCon and at Black Hat, and recently co-authored an iOS programming security class for SANS.
When not doing real work, David stays busy with crypto puzzles, ticket sales systems, and keeping Netflix working on the family-room TV. Prior to Intrepidus, he spent some years performing compliance-based testing. Despite this, people actually interact with him on Twitter (@schuetzdj) and sometimes leave nice comments on his blog (www.darthnull.org).
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.