News Releases

SAN FRANCISCO, Aug. 2, 2018 /PRNewswire/ -- Fleetsmith, the provider of secure, automated Apple device management, today announced that its CSO, CPO, and co-founder, Jesse Endahl is presenting a deep dive session on macOS MDM and DEP system internals and protocols at this year's Black Hat USA 2018. DEP and MDM are technologies created by Apple that allow for powerful device management and automation of IT and security configurations in the enterprise. The session, co-presented with Dropbox engineer Max Bélanger, will focus on exploring the way the bootstrapping process works with Apple's DEP and MDM technologies. Specifically, they will walk through each step of the process, from interprocess communication within the operating system, to network calls made to/from remote servers. They will also reveal a vulnerability found in the bootstrapping process. This year's Black Hat USA event runs from August 4—9 and will take place at the Mandalay Bay Hotel in Las Vegas, Nevada.

"The introduction of User-Approved MDM and continued enhancements to security technologies such as SIP, Gatekeeper, and others, demonstrate that Apple is committed to long-term, comprehensive, platform security for macOS, and for mobile device management. However, under the hood, the DEP and MDM implementations involve many moving parts, and the bootstrapping process exposes vulnerabilities when a device is brought to a fully-provisioned state," said Jesse Endahl, CSO, CPO, and co-founder of Fleetsmith. "My session with Max will walk attendees through the stages of device bootstrapping via DEP and MDM in macOS, and demonstrate how an attacker can exploit a part of this process to compromise a brand new device as it boots up and the user logs in for the first time."

Offering a next-gen SaaS solution for Apple fleet device management, Fleetsmith provides IT, ops, security, and office managers, with an easy, full-featured way to manage and secure macOS devices. The company recently announced Fleetsmith Intelligence, the industry's first free product that provides real-time visibility into a company's entire device fleet, surfacing business and security risks before it is too late. If issues are found, admins can fix them with a single click by upgrading devices to Fleetsmith Managed, Fleetsmith's subscription-based device management product. Fleetsmith Managed provides customers with an automated, zero-touch process of provisioning computers for new employees, which increases onboarding speed without compromising on security capabilities. With Fleetsmith Managed, users can easily provision and keep track of all devices, while deploying, installing, and maintaining software on every managed device, as well as allowing for enforcement of security features and policies necessary for security and compliance.

Black Hat is one of the most popular and technical information security events in the world. Over the last 20 years, this event series has provided its attendees with the most cutting-edge research, development, and security industry trends in a strictly vendor-neutral environment. The information and training, available through the Black Hat program addresses the biggest issues and demands in the information security industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.

About Fleetsmith
Fleetsmith automates device setup, fleet intelligence, app and OS updates, and security across a company's Apple device fleet. Founded by former IT and security leaders from Dropbox and Fandom, Fleetsmith combines world-class product and security engineering with a powerful, intuitive interface that makes advanced Apple device management available for everyone. Fleetsmith is based in San Francisco and backed by Index Ventures, Harrison Metal, and Upfront Ventures. Try it for free at fleetsmith.com.

SOURCE Fleetsmith