SideStepper iOS security vulnerability
SideStepper is an iOS security vulnerability identified by Check Point Software that allows 3rd parties to deliver rogue configurations to devices. The Check Point Research Team has published details of the vulnerability here.
AirWatch recommends following these steps to help ensure that your mobile enterprise environment is secure against this attack vector. More information is available here.
- Educate your end users on how you will distribute profiles to mobile devices. If your company has a practice of notifying users through a certain communication channel (email, Sharepoint, SMS, etc.) remind the employees about that channel and provide guidance on what to look for with regards to official communication. As your company grows, there will be additional phishing attacks on your enterprise. The more knowledge you can provide about scams and phishing attacks, the smarter your employees will be about mobile threats.
- Confirm within the AirWatch Management console that you are preventing “unmanaged profiles” from being installed on the mobile device. Note: this restriction is only available for Supervised devices on iOS 6+.
- Encourage employees to report suspicious applications or profiles that may appear on their devices.