Microsoft Exchange Servers Spoofed To Manipulate Mobile Devices - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile

Microsoft Exchange Servers Spoofed To Manipulate Mobile Devices

Black Hat researcher demonstrates mobile man-in-the-middle proof-of-concept attack that allows for unauthorized remote wipes.

So much to-do has been generated around preventing unauthorized mobile devices from accessing sensitive corporate resources, but what happens when security researchers turn that model on its head? What happens when the theoretical attackers use unauthorized, spoofed servers to connect to mobile devices? This Thursday at Black Hat, an Australian researcher will demonstrate a proof-of-concept attack that employs just that type of attack, using a man-in-the-middle connection and Microsoft Exchange to conduct unauthorized remote wipes on mobile devices.

The genesis for the research, says Peter Hannay, a PhD student, researcher, and lecturer based at Edith Cowan University in Perth, Australia, came from the idea that mobile Exchange attacks don't necessarily need to compromise services in the organization if the endpoint devices themselves are unprotected and poorly configured. The initial proof-of-concept demonstrated by Hannay is a multi-stage attack.

Read the rest of this article on Dark Reading.

Distributed denial-of-service attacks can do serious damage. Get ready before you're hit. Also in the new, all-digital Save Your Assets issue of Dark Reading: Next-gen attackers aren't out to steal your money, and your old style of defense isn't going to stop them. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
IT Careers: 10 Industries with Job Openings Right Now
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/27/2020
Commentary
How 5G Rollout May Benefit Businesses More than Consumers
Joao-Pierre S. Ruth, Senior Writer,  5/21/2020
News
IT Leadership in Education: Getting Online School Right
Jessica Davis, Senior Editor, Enterprise Apps,  5/20/2020
White Papers
Register for InformationWeek Newsletters
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Slideshows
Flash Poll