|Apple Gagdets / Photo Credit via Pexels|
Apple has given consumers a lot of reasons to patronize its products, whether it’s a smartphone, computer, or even its online store. For a lot of people, the company has become synonymous with the concepts of quality, high-technology, and a great user experience.
One of the main reasons for this reputation is because of the company’s impressive track record when it comes to the security system for all their products and platforms. There has always been a strong belief that virus or malware is not something that can infect Apple products. In fact, according to a Forbes report, the Democratic National Committee (DNC) was replacing all their Android gadgets with iPhones amidst concerns of hacking as the midterm elections get nearer.
Of course, nothing in this world is perfect, and that includes Apple’s vaunted security systems. Per another Forbes article written by Thomas Brewster, researchers discovered a unique method of stealing business Wi-Fi and application passwords using one of the company’s own products. They were able to modify an Apple technology that was designed to help companies manage and secure officially issued iPhones and Macs.
Citing researchers from Duo Security, the article pointed to the openness of Apple’s Device Enrollment Program (DEP) as the system’s weakness because it allows the enrollment of a rogue device, thereby making it possible to steal Wi-Fi passwords and confidential business information. While Apple does require user authentication when an iPhone or a Mac is enrolled on DEP, it is up to the business to require the enrollee to prove who they are. If the organization forgoes the authentication process, a hacker can find a DEP serial number of a real device that’s already registered but has not yet been set up on their mobile device management (MDM) server. The hacker can then use that serial number to enroll the rogue device on the MDM server and use it to get passwords for applications and Wi-Fi.
Experts have weighed in on this issue, and said that the best way to deal with this weakness is for Apple to use encryption technology on the chips of latest iPhones and Macs so that these devices can be uniquely identified when being enrolled on DEP. They also suggested using stronger, enforced authentication.