Please enable JavaScript to experience the full functionality of GMX.

Apple's enrollment programme could have security flaw

Apple products handed out by schools and businesses could have a security flaw making it easier for information to be leaked.

Researchers claim the company's device enrollment programme could have been used to exploit information on devices using their serial numbers.

The programme is used to authenticate and manage products - such as iPhones, MacBooks and iPads - with organisations like the New York Police Department rolling out custom apps for officers.

However, Duo Security has found that the serial number is all a potential hacker would need to access sensitive information from devices enrolled in the service.

A paper from the company's senior research and designer engineer James Barclay - along with Duo Labs director Rich Smith - has found that entering the number to request activation records meant they were able to retrieve an organisation's address, phone number and email addresses.

Although there are different ways to get the number, Smith said the 12-character code was easy for Duo Security to get using a programme to generate every possible serial number.

He said: "While we aren't releasing the code, I'm not going to pretend to be under the impression that this is something that can't be reproduced.

"It would not be difficult for someone to replicate the code that we've developed."

However, Apple doesn't consider this to be a vulnerability, as it already recommends that organisations apply security measures to limit possible attacks.

Sponsored Content