The Apple DEP flaw explained – and how to bolster security

Researchers have highlighted a vulnerability in Apple’s Device Enrollment Program that, in some circumstances, could leave corporate networks and data insecure. But companies can mitigate the danger.

On Thursday, researchers disclosed a vulnerability in Apple's Device Enrollment Program (DEP) that could allow malicious actors to compromise a corporate network. The issue, however, is more a process flaw than a functional weakness in Apple's services, devices or encryption mechanisms. (It exploits the serial number of a corporate device to gain access to a company's mobile device management (MDM) service.)

Although there are many Apple skeptics that quickly want to point to this issue as proof that Apple doesn't understand enterprise security - and thus, has no place in the business world - the truth is that this weakness can be mitigated easily, and may already be a non-issue at most companies.

What is DEP and how does it work?

Apple introduced DEP in early 2014 as a way to make bulk configuring and deploying iOS devices easier for IT departments. It streamlines the very beginning of the iOS setup process for businesses and allows a device simply to be handed to a user (potentially still in the box) and to auto-configure itself on first use. That means IT doesn't need to be part of the process, saving time for both IT shops and users - and it prevents any errors in the setup process.

To continue reading this article register now

Download: EMM vendor comparison chart 2019
  
Shop Tech Products at Amazon