McAfee Inc. released information on a proof-of-concept iPad exploit involving a man-in-the-middle attack using a rogue access point. Is this technique a concern for enterprises, and is it a sign of things to come for iPads?
The McAfee presentation (originally given at the vendor's FOCUS 11 conference), which involves a man-in-the-middle attack using a rogue access point, is a concern for enterprises and home users. Here's how such an attack is initiated: When the user browses the Web, the Jailbreakme attacks and tools are used to jailbreak the iPad and set up a VNC server to remotely connect to the system. The attacker is able to completely take over the system once a victim connects to the rogue access point, and this is accomplished by using a fraudulent certificate that exploits a vulnerability in iOS.
The Jailbreakme website and attacks have been around for several years and are gaining additional traction as more Mac mobile devices are sold. As Apple Inc. clamps down on its App Store, and users decide they want more control or functionality that Apple doesn't deem suitable for its ecosystem, more exploits and jailbreaks will be developed to give users the control and functionality they desire.
This specific attack relies on a user connecting to an unsecured wireless network; all the other steps will fail if the user does not connect to it. Enterprises need to either lock their iPads and similar devices so they can only connect to secure wireless networks, or educate their users on the risks of connecting to unsecured wireless networks. IT can enforce this from a policy perspective by mandating use of a VPN when connecting to an unsecured wireless network, thus reducing the risk of an SSL man-in-the-middle attack. This assumes, however, that the VPN itself is not vulnerable to such attacks, unlikely as they are. Users on IPsec VPNs are not at risk from SSL man-in-the-middle attacks, but SSL VPNs have been vulnerable to such methods. So, while not a cure-all, SSL VPN use can reduce the likelihood of such an attack.