Gents, Feel free to read US-CERT VU#584363 related to our recents 0days allowing skilled attackers to take the complete control of a fleet of GSM/Tablets (Symbian, iPhone/iPad, BlackBerry, Windows Mobile, Android, etc), thanks to vulnerabilities in Mobile Device Management (MDM).
This could lead to the shred of the complete fleet of devices (might be long to recover/reinstall hundreds or thousands of devices worldwide..). Of course, this could also lead to remote spying on those devices, etc. MDM is essentially related to large scale companies or governments, that really need this kind of tools to manage big fleets properly. We suggest these organization to contact their (really technical) security partners in order to launch advanced penetration tests, as it will definitely become a nice vector of intrusion in a short future. Pwning thousands of devices is more interesting for evil attackers, compared to powning 1 device sometimes by coming in the same cellphone area, etc. References: http://www.kb.cert.org/vuls/id/584363 http://www.tehtri-security.com/en/news.php Best regards, Laurent Oudot, CEO TEHTRI-Security - tehtris.com - "This is Not A Game" *Next live hacking sessions to join us* --DEC 2011 / Black Hat / Abu Dhabu, UAE Training: "Advanced PHP Hacking" [w] http://www.blackhat.com/ --FEB 2012 / Hack In The Box GSEC / Mumbai, India Training "Strategic Cyber Attacks,Advanced Persistent Threats & Beyond" [w] http://gsec.hitb.org/?p=134 [t] #HITBGSEC _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/