Mimic in Configuration

Presented at Objective by the Sea version 3.0 (2020), March 12, 2020, 4:35 p.m. (25 minutes)

A configuration profile (.mobileconfig file) provides configuration information to Mac/iOS devices. Basically, it is used for enterprise mobile device management (MDM), instance APN setup for MVNO, email client setup and etc. Sometimes users encounter a "mimic" in a configuration profile. A mimic tries to cause a disturbance or steal information from victim's Mac/iOS device. We've collected more than four hundred configuration profiles and analyzed them. In this presentation, we'll show the details of mimics, malicious configuration profiles, in the wild. It covers various topics such as phishing, click fraud and more!

Presenters:

• Suguru Ishimaru - Security Research at Kaspersky
  Suguru joined Kaspersky Labs as a researcher in 2008. Then, he has been joining in Global Research and Analysis Team (GReAT) APAC to research Advanced Persistent Threat (APT) and recent cyber threats in APAC region. Based on the results of research, he made presentations in several security conferences such as AVTokyo 2012, HITCON a pacific 2016, HITCON pacific 2017, JSAC 2018, FIRST TC Bali 2018, Internet Week 2018 and Botconf 2019.
• Manabu Niseki - Security Researcher
  Manabu is a member of a CSIRT since 2015. He works as both a researcher and an engineer. He was a speaker at FIRST TC Bali 2018, Internet Week 2018, REVULN’19, HITCON CMT 2019 and Botconf 2019.

Links:

• https://objectivebythesea.org/v3/content.html#mNiseki
• https://objectivebythesea.org/v3/talks/OBTS_v3_mNiseki_sIshimaru.pdf

Similar Presentations:

• Black Hat USA 2011 / Inside Apple's MDM Black Box
• Still Hacking Anyway (SHA2017) / Tor, Puppet & Configuration Management Workshop