DEP Security Vulnerability

Valued Contributor II

Seems there is an article out regarding the potential insecurity of Apple using device serial as the DEP enrollment identifier.

We kind of know this already, as you can spoof a serial into a VM and have DEP pick it up.


Duo Labs MDM report


Valued Contributor

There's some nuance in the Duo report and I wonder if Apple can shore up some of the exposure especially around rate limiting serial number checks.

It's important to be aware of the benefit of requiring authentication during DEP but it wouldn't be an option for all organizations.

I'd rather link directly to the report and bypass clickbait and chicken little.

Valued Contributor

We're going to turn on authentication for the most part, but since all machines go through us first (usually in large batches) we'll turn it off when we're imaging multiple machines, Then turn it back on when we're done. It only takes a minute to authenticate, but over 70 machines in a batch that's some time wasted.