MDM Me Maybe

Presented at ekoparty 14 (2018), Sept. 28, 2018, 5:50 p.m. (50 minutes)

Apple's Device Enrollment Program (DEP) allows IT administrators to simplify Mobile Device Management (MDM) enrollment and provide a great out-of-box experience for end-users. But at what point does the simplicity of the enrollment experience compromise security? Depending on the configuration of the MDM server, organizational secrets or other sensitive data may be pushed to enrolled endpoints. What could go wrong if this information ended up in the wrong hands? In this talk we'll explore weaknesses in DEP, as well as alternative approaches that could be used to more strongly authenticate users and devices when enrolled as part of DEP workflows. We'll also discuss ways to protect your organization from these shortcomings, even when using DEP.


Presenters:

  • James Barclay
    James Barclay is a Senior R&D Engineer at Duo Labs, the security research and analysis team at Duo Security. Prior to joining Duo, James was a Tools Engineer at Pinterest, and an IT consultant before that. He's contributed to a handful of open-source projects, and has been called an Apple nerd once or twice.
