Apple needs to fix admin authentication in ABM
Briefly

"I'm certain Apple has thought about this. It has, after all, introduced a range of security protections for all its devices, including managed devices. But in this case, it's left things a little exposed. That weakness is made more critical because Apple's system permits just a small number of administrators for"
ABM administrators must sign in with a non-federated Apple Account protected by Apple’s two-factor authentication, typically via a trusted device or a trusted phone number using SMS or voice. This leaves key accounts that manage protection for large numbers of devices dependent on a six-digit SMS code sent to a specified phone number. SMS authentication is vulnerable to SIM swapping, where attackers move the phone number to a SIM they control; to phishing, where fake login pages capture the SMS code; and to interception, where attackers exploit weaknesses in SMS transmission. Even if some of these threats are less likely for smaller businesses, SIM swapping remains within reach of determined attackers. A compromised ABM account can enable device reassignment to an attacker-controlled MDM server, device wiping, and the pushing of malicious apps, profiles, or configurations.
Read at Computerworld