advisory-2019-bb01

BlackBerry UEM Advisory

Title: BlackBerry UEM Advisory

Product: BlackBerry UEM

Vulnerable Version: BlackBerry UEM < 12.11

Fixed Version(s): BlackBerry UEM version 12.11 and above, Dynamics SDK version 6.0 and above

Homepage: https://docs.blackberry.com/en/endpoint-management/blackberry-uem/

Credits: Octav Opaschi (Detack GmbH)

BlackBerry UEM lacks the security features that would allow it to verify the integrity and authenticity of a work application. This allows attackers with operating-system-level access on the Android and Apple iOS platforms to spoof the work application(s) and thereby access protected enterprise resources.

Product Description

BlackBerry UEM is a multiplatform EMM solution that provides device, app, and content management with integrated security and connectivity, and helps manage iOS, macOS, Android, Windows 10, and BlackBerry 10 devices. BlackBerry UEM is included in the Management, Enterprise, Collaboration, Application, and Content Editions of the BlackBerry Enterprise Mobility Suites.

Source: https://docs.blackberry.com/en/endpoint-management/blackberry-uem/

Vulnerability Description

It was determined that, on the Apple iOS and Android operating systems, arbitrary applications could be installed which presented themselves to BlackBerry UEM as valid work-enabled applications by mimicking the parametrization (identity and configuration) of the legitimately installed application.

BlackBerry UEM failed to distinguish the rogue applications from the genuine ones and therefore granted them access to enterprise resources otherwise available only to trusted work applications, such as tunneled network resources, files or other EMM resources.

Proof of Concept

Available on request.


Solution / Workaround

Additional functionality that provides app attestation for mobile devices is implemented in UEM version 12.11 and above and in Dynamics SDK version 6.0 and above. It is recommended to upgrade to these or any later versions and to enable app attestation where applicable.
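The following Python example is added here to illustrate the difference between the two trust models the advisory contrasts; it is not BlackBerry's code and does not reproduce the UEM or Dynamics SDK attestation protocol. The weak check accepts whatever identity an app reports about itself (the behaviour the advisory describes), while the hardened check requires an attestation statement that binds the package identifier, the hash of the certificate the binary is actually signed with, and a server-issued nonce. The HMAC used as the attestation signature, the package name, the certificate hashes and the key are all constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed registry of legitimate work apps (assumption for this example):
# package id -> SHA-256 of the signing certificate the app must be signed with.
TRUSTED_WORK_APPS = {
    "com.example.workmail": "ab" * 32,  # constructed cert hash
}

# Stand-in for the key held by the trusted attestor; constructed for the example.
ATTESTATION_KEY = b"constructed-attestor-key"


def weak_is_work_app(claim):
    """Vulnerable pattern: trust the app's self-declared identity only.

    Any app that copies the package id of the real work app passes, which is
    the spoofing scenario described in the advisory."""
    return claim.get("package_id") in TRUSTED_WORK_APPS


def issue_nonce():
    """Server-side challenge so an attestation cannot be replayed later."""
    return secrets.token_hex(16)


def make_attestation(package_id, actual_cert_sha256, nonce, key=ATTESTATION_KEY):
    """Attestation statement produced by the trusted attestor over what it
    actually observed on the device: the package id, the hash of the
    certificate the installed binary is really signed with, and the nonce.
    An HMAC stands in for the real signature so the example runs offline."""
    msg = f"{package_id}|{actual_cert_sha256}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def hardened_is_work_app(claim, attestation, issued_nonce, key=ATTESTATION_KEY):
    """Accept only if (1) the package is registered, (2) the claimed signing
    cert matches the registered one, (3) the nonce is the one we issued, and
    (4) the attestor's statement covers exactly those claimed values."""
    expected_cert = TRUSTED_WORK_APPS.get(claim.get("package_id"))
    if expected_cert is None:
        return False
    if claim.get("cert_sha256") != expected_cert:
        return False
    if claim.get("nonce") != issued_nonce:
        return False
    expected = make_attestation(claim["package_id"], claim["cert_sha256"],
                                claim["nonce"], key)
    # Constant-time comparison of the attestation value.
    return hmac.compare_digest(expected, attestation)


def demo(nonce=None):
    """Run both checks against a genuine app and a look-alike app.

    Returns a dict of results so the behaviour can be asserted on."""
    nonce = nonce or issue_nonce()
    pkg = "com.example.workmail"
    legit_cert = TRUSTED_WORK_APPS[pkg]

    # Genuine app: its self-report matches what the attestor observes.
    legit_claim = {"package_id": pkg, "cert_sha256": legit_cert, "nonce": nonce}
    legit_att = make_attestation(pkg, legit_cert, nonce)

    # Look-alike app: it reports the same package id and even copies the
    # expected cert hash into its claim, but the attestor signs over the
    # certificate the binary is really signed with (constructed value).
    rogue_claim = {"package_id": pkg, "cert_sha256": legit_cert, "nonce": nonce}
    rogue_att = make_attestation(pkg, "ff" * 32, nonce)

    return {
        "weak_legit": weak_is_work_app(legit_claim),
        "weak_rogue": weak_is_work_app(rogue_claim),
        "hardened_legit": hardened_is_work_app(legit_claim, legit_att, nonce),
        "hardened_rogue": hardened_is_work_app(rogue_claim, rogue_att, nonce),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'granted' if ok else 'denied'}")
```

The point of the hardened path is that the decision rests on what a trusted component observed about the installed binary, not on values the app supplies about itself; the nonce additionally ties each statement to a single enrollment or access request. In a real deployment the attestor's statement would be a signature from a platform attestation service or the vendor's SDK rather than a shared-secret HMAC.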

Risk Mitigation

For successful exploitation, the attacker would require access to the device, or would need to convince the user, via social engineering or other means, to remove software from their phone and side-load the malicious application.