JAMF, the famous remote control tool for Apple devices, can be hacked with a single line of code

Just a few days ago, news broke of the devastating cyberattack that impacted thousands of companies through the service provider Kaseya. This very severe incident may not be the only one in the near future: experts say that hacking groups will increasingly focus on abusing remote management tools, which they see as a “master key” to thousands of vulnerable deployments.

In this regard, researchers Calum Hall and Luke Roberts plan to reveal some techniques for compromising JAMF, a remote control tool for macOS devices. As with Kaseya, system administrators use JAMF to configure and manage thousands of devices on a single computer network.

In the research, which will be shown at the upcoming Black Hat conference, the experts will demonstrate how to abuse this tool for spying, file theft, access to other devices and malware installation: “Tools that enable the management of large networks can also give hackers a large point of access to vulnerable systems,” the experts mention.

By modifying only a single line of code in the configuration file of the computer on which JAMF is running, the researchers forced a connection to a malicious server instead of the legitimate one.

As if that weren’t enough, employing a second method, the researchers managed to impersonate a personal computer by running JAMF as if it were a server in order to trick users into handing over their login credentials.

JAMF and Kaseya aren’t the only remote management tools that can be exploited by threat actors. Jake Williams, a former NSA employee, recently mentioned: “Tools like ManageEngine, TeamViewer, NetSarang, DameWare, and GoToMyPC are extremely vulnerable to these types of attacks; they usually don’t have limited privileges on the target system and often even evade antivirus scanning on a large number of devices,” Williams says.
