Microsoft Exchange Servers Spoofed To Manipulate Mobile Devices - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile

Microsoft Exchange Servers Spoofed To Manipulate Mobile Devices

Black Hat researcher demonstrates mobile man-in-the-middle proof-of-concept attack that allows for unauthorized remote wipes.

So much to-do has been generated around preventing unauthorized mobile devices from accessing sensitive corporate resources, but what happens when security researchers turn that model on its head? What happens when the theoretical attackers use unauthorized, spoofed servers to connect to mobile devices? This Thursday at Black Hat, an Australian researcher will demonstrate a proof-of-concept attack that employs just that type of attack, using a man-in-the-middle connection and Microsoft Exchange to conduct unauthorized remote wipes on mobile devices.

The genesis for the research, says Peter Hannay, a PhD student, researcher, and lecturer based at Edith Cowan University in Perth, Australia, came from the idea that mobile Exchange attacks don't necessarily need to compromise services in the organization if the endpoint devices themselves are unprotected and poorly configured. The initial proof-of-concept demonstrated by Hannay is a multi-stage attack.

Read the rest of this article on Dark Reading.

Distributed denial-of-service attacks can do serious damage. Get ready before you're hit. Also in the new, all-digital Save Your Assets issue of Dark Reading: Next-gen attackers aren't out to steal your money, and your old style of defense isn't going to stop them. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll