State-sponsored hackers try to exploit flaw in popular mobile software, UK warns

Access to a mobile device management server is gold for an attacker.

Suspected state-sponsored hackers and cybercriminals are trying to exploit a five-month-old vulnerability in popular mobile device management software to target a range of U.K. organizations in the local government, health, logistics and legal sectors, the British government warned Monday.

Organizations use the affected software to manage mobile devices from a central server, “making them a valuable target for threat actors,” the U.K.’s National Cyber Security Centre (NCSC) said in a security advisory. By breaking into the mobile device management (MDM) software, snoops could selectively steal information from mobile devices communicating with the MDM server. Some of the exploitations have been successful, the NCSC said without elaborating.

The NCSC did not name any foreign governments suspected to be behind the activity. It was also unclear what type of health care organizations were targeted.

The NCSC declined to comment.


The advisory is part of a consistent effort by the U.K. and U.S. governments to blunt the impact of foreign espionage campaigns aimed at American and British companies. Sometimes, the advisories are more explicit. The National Security Agency and FBI in August publicized a hacking tool allegedly used by Russian military intelligence to target Linux systems.

In this case, the critical flaw exists in MDM software made by MobileIron, a Silicon Valley company with offices on multiple continents. MobileIron issued a fix for the remote-code execution bug in June, urging customers to apply it. But exploitation of the vulnerability has picked up since September, when researchers released a proof-of-concept exploit, according to the NCSC.

MobileIron estimated in October that “90-95%” of devices were running updated software, free of the flaw. But that still could leave vulnerable devices of value to state and criminal attackers.

The NCSC advisory is a reminder of the immense value that access to MDM software holds for attackers. An unrelated hacking campaign revealed in 2018 targeted just 13 iPhones in India by using an open-source MDM server to inject malicious code into mobile apps.


Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
