I am pretty sure you’ve heard already about the issues with Samsung Galaxy S10 fingerprint sensor and Google Pixel 4 Face Unlock. Both companies have acknowledged the issues and committed to releasing the patches “soon” (Samsung is said to be testing fixes in certain countries already). What can you in the meantime? With Workspace ONE and Android Enterprise is it easy!(more…)
This practical entry briefly outlines how to force or defer OS Update for Apple iOS devices (iPhones, iPads). There are two completely opposite use cases for this:
- Critical 0-day vulnerability – must force push OS Update to patch the devices
- Business critical apps not tested with the latest iOS update – must delay/disallow update before testing. This is a better known challenge to Apple device managers, since typically user is allowed to update manually.
There’s been recently a wave of news along the “OMG Apple DEP is insecure we are all doomed” line. While there is indeed a few flaws in Apple Device Enrollment Program, I want to show how to fight it with Workspace ONE UEM (AirWatch) in a simple 3-step process
Step 1: Go to your DEP profile in Settings -> Devices -> Apple -> Device Enrollment Program
Step 2: Ensure Authentication is ON
Step 3: You are done. Really, this “vulnerability” is only serious in two cases:
- Using no authentication, implicitly trusting anything that comes
from the Internetover DEP
- Staging (specifically using the staging process with the staging user) sensitive information – certificates, etc. Just don’t – have all the sensitive bits assigned to the end-user who has to authenticate.
So, now you are armed with knowledge!
- A deeper look at DEP from the very same Duo Security (how many Twitter reposters have actually found it at all? 🙂 )
- An even deeper look into DEP security from BlackHat if you really want to
hack someoneexplore further possibilities
- WS1 UEM DEP Guide with this and other cool features.
- DEP Best Practices from WS1 UEM – Security etc.