MS Thesis Defense - Sujit Shrestha

A Security Analysis of Enterprise Mobility Manager (EMM)

Sujit Shrestha, MS Candidate

Friday, November 4, 2016, 3:00 pm
Dunn Hall 311

Committee Members:
Prof. Dipankar Dasgupta
Prof. Deepak Venugopal
Prof. Naveen Kumar

Abstract:
An exponential increase in use of insecure mobile devices in enterprises raises a greater risk to enterprises’ data confidentiality. Due to which, many enterprises are adapting a reliable solution known as Enterprise Mobility Manager (EMM). EMM securely manages and maintains various enrolled mobile devices, enterprises’ applications as well as content.

To this end, EMM is becoming very famous among all enterprises. However, it seems that a focus is only done on design and implementation of the solution. There is no proper task done that evaluates security of the EMM solution and its features. Indeed, the reliability of solution depends upon types of mobile devices and their OS.

Keeping these in mind, a rigorous security analysis is done on one of open sources EMM solutions to find potential security issues. The analysis reveals various issues such as sensitive information disclosure and well-known vulnerabilities in the solution. With sophisticated exploit tools, some valid attacks are successfully performed which defeat EMM’ security features such as locate device, wipe data and lock device. In the end, a prototype is developed that perform checks which might lead to failure of EMM’s features. With the help of this prototype, EMM admin can determine compatibility of devices prior to enroll them in EMM solution.