InformationWeek: The Business Value of Technology

InformationWeek: The Business Value of Technology
e2 Conference & Expo - Boston 2013
= Member Content
Facebook Twitter Share

E-mail | Print | Permalink | LinkedIn | RSS

Microsoft Exchange Servers Spoofed To Manipulate Mobile Devices


Black Hat researcher demonstrates mobile man-in-the-middle proof-of-concept attack that allows for unauthorized remote wipes.


By Ericka Chickowski- Dark Reading
InformationWeek
July 25, 2012 11:32 AM

So much to-do has been generated around preventing unauthorized mobile devices from accessing sensitive corporate resources, but what happens when security researchers turn that model on its head? What happens when the theoretical attackers use unauthorized, spoofed servers to connect to mobile devices? This Thursday at Black Hat, an Australian researcher will demonstrate a proof-of-concept attack that employs just that type of attack, using a man-in-the-middle connection and Microsoft Exchange to conduct unauthorized remote wipes on mobile devices.

The genesis for the research, says Peter Hannay, a PhD student, researcher, and lecturer based at Edith Cowan University in Perth, Australia, came from the idea that mobile Exchange attacks don't necessarily need to compromise services in the organization if the endpoint devices themselves are unprotected and poorly configured. The initial proof-of-concept demonstrated by Hannay is a multi-stage attack.

Read the rest of this article on Dark Reading.

Distributed denial-of-service attacks can do serious damage. Get ready before you're hit. Also in the new, all-digital Save Your Assets issue of Dark Reading: Next-gen attackers aren't out to steal your money, and your old style of defense isn't going to stop them. (Free registration required.)

Federal agencies must eliminate 800 data centers over the next five years. Find how they plan to do it in the new all-digital issue of InformationWeek Government. Download it now (registration required).




InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
Subscribe to RSS


Advertisement

InformationWeek Reports

report Mobility's Next Challenge: 8 Steps to a Secure Environment
Taking your company's mobile capabilities to the next level--whether on personally or company-owned devices-requires a lifecycle management plan that encompasses application security, development, distribution, support and enhancement. We show you how to get there and provide insight into five mobile application development options.

report Buyer's Guide: Mobile Device Management
Want the lowdown on nine top MDM products? Our InformationWeek Buyer's Guide is your one-stop guide for choosing an MDM system that match your requirements. ZIP file includes: Detailed comparison charts on security, administration, and platform and reporting features; our full questionnaire; and responses from Absolute Software, AirWatch, Fiberlink Communications, JAMF Software, MobileIron, Odyssey Software, Symantec, Tangoe, and Zenprise.

report Dark Side of Mobile Apps
Companies are rushing headlong to develop applications for Android, Apple and BlackBerry devices. But IT must maintain its secure development lifecycle process or risk a black eye.

report Reducing Mobile Device Risks to Enterprise Data
Innovative IT shops are turning the mobile device management challenge into a business opportunity--and showing that we can help people be more connected and collaborative, regardless of location. We offer a framework of four possible strategies to secure the mobile environment.