CVE-2024-35118
📋 TL;DR
IBM MaaS360 for Android versions 6.31 through 8.60 contain hard-coded credentials that can be extracted by anyone with physical access to the device. This allows unauthorized access to MaaS360 functionality and potentially sensitive enterprise data managed through the application. Only Android devices running the affected MaaS360 versions are impacted.
💻 Affected Systems
- IBM MaaS360 for Android
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An attacker with physical device access extracts credentials, gains administrative access to MaaS360, and exfiltrates sensitive enterprise data, modifies device policies, or performs unauthorized actions on managed devices.
Likely Case
An employee or unauthorized person with temporary physical access extracts credentials and accesses enterprise data or settings they shouldn't have permission to view.
If Mitigated
With proper mobile device management policies, device encryption, and physical security controls, the risk is limited to authorized users who might access functionality beyond their intended permissions.
🎯 Exploit Status
Exploitation requires physical access to the device and the ability to extract the hard-coded credentials from the application package, which can be done with common Android debugging or reverse-engineering techniques. No public proof-of-concept is referenced in the vendor advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to IBM MaaS360 for Android version 8.61 or later
Vendor Advisory: https://www.ibm.com/support/pages/node/7166750
Restart Required: Yes
Instructions:
1. Open the Google Play Store on affected Android devices.
2. Search for IBM MaaS360.
3. If an update is available, tap Update.
4. Restart the device after the update completes.
5. Verify that the version is 8.61 or higher in the MaaS360 settings.
🔧 Temporary Workarounds
Enhance Physical Security Controls
Implement strict physical security policies for mobile devices, including device encryption, strong screen locks, and remote wipe capabilities.
Restrict Debugging Capabilities
Disable USB debugging and developer options on corporate Android devices to make credential extraction more difficult.
🧯 If You Can't Patch
- Implement strict physical security controls for all mobile devices and enforce device encryption
- Monitor for unusual MaaS360 activity and implement least privilege access controls within the application
🔍 How to Verify
Check if Vulnerable:
Check the MaaS360 version in the app settings. If the version is between 6.31 and 8.60 inclusive, the device is vulnerable. Compare versions numerically, component by component, not as strings (a plain string comparison would rank "8.9" above "8.60").
Check Version:
Open IBM MaaS360 app → Settings → About → Check version number
Verify Fix Applied:
Verify MaaS360 version is 8.61 or higher in app settings after update.
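The version check above is easy to get wrong when done in bulk over an MDM inventory export, because "8.60" and "8.61" must be compared as numbers per component rather than as strings. The following is an added example (not IBM's code and not part of the original advisory) that applies the advisory's affected range, 6.31 through 8.60 with 8.61 as the fix, to a constructed inventory; the field names `device_id` and `app_version` are assumptions about the export format.

```python
"""Version-range check for CVE-2024-35118 (added example, not IBM's code).

Affected: IBM MaaS360 for Android 6.31 through 8.60 inclusive; fixed in 8.61.
Versions are compared numerically, component by component, so that "8.9"
is NOT treated as newer than "8.60" the way a plain string comparison would.
"""
import re

AFFECTED_MIN = (6, 31)   # first affected version, inclusive
FIXED_IN = (8, 61)       # first fixed version, exclusive upper bound


def parse_version(version: str) -> tuple:
    """Turn '8.60', '8.60.1' or '8.60-beta' into an integer tuple such as (8, 60, 1)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: str) -> bool:
    """True when the installed version lies in [6.31, 8.61)."""
    v = parse_version(version)
    return AFFECTED_MIN <= v < FIXED_IN


def triage_inventory(inventory: list) -> dict:
    """Group device ids from an MDM export into 'patch' / 'ok' / 'unknown' buckets.

    'ok' means outside the advisory's affected range (fixed, or older than 6.31);
    'unknown' means the version field was missing or could not be parsed.
    """
    buckets = {"patch": [], "ok": [], "unknown": []}
    for row in inventory:
        try:
            affected = is_affected(row["app_version"])
        except (KeyError, ValueError):
            buckets["unknown"].append(row.get("device_id", "?"))
            continue
        buckets["patch" if affected else "ok"].append(row["device_id"])
    return buckets


# Constructed sample export (not real device data); field names are assumptions.
SAMPLE_INVENTORY = [
    {"device_id": "dev-001", "app_version": "8.60"},   # last affected version
    {"device_id": "dev-002", "app_version": "8.61"},   # fixed
    {"device_id": "dev-003", "app_version": "6.30"},   # below the advisory's range
    {"device_id": "dev-004", "app_version": "8.9"},    # a string compare would wrongly call this newer than 8.60
    {"device_id": "dev-005", "app_version": "n/a"},    # unparseable
]

if __name__ == "__main__":
    for bucket, ids in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {ids}")
```

Feed the function the rows of your own inventory export; anything landing in the `unknown` bucket should be checked by hand rather than assumed patched.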
📡 Detection & Monitoring
Log Indicators:
- Unusual authentication patterns in MaaS360 logs
- Access from unexpected user accounts or devices
Network Indicators:
- Unusual API calls to MaaS360 services from unexpected locations
SIEM Query:
source="maas360" event_type="authentication" result="success" NOT [| inputlookup authorized_users | fields user]
(Splunk SPL; assumes a lookup table named authorized_users with a user column that lists the accounts expected to authenticate.)
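The two log indicators above (authentication by an unexpected account, and one account authenticating from an unusual number of devices) can be checked outside a SIEM as well. The following is an added example, not part of the original advisory and not IBM's code; the key=value log format and the field names `event_type`, `result`, `user` and `device` are assumptions chosen to match the SIEM query, not MaaS360's documented log schema.

```python
"""Detection over MaaS360-style authentication logs (added example; the log
format and field names are assumptions, not IBM's documented schema).

Implements the two log indicators from the advisory:
  1. successful authentication by a user outside the authorized list
  2. one user authenticating from an unusual number of distinct devices
"""
import re
from collections import defaultdict

# Constructed sample log lines in key=value form (not real MaaS360 output).
SAMPLE_LOGS = """\
2024-06-01T09:00:01Z source=maas360 event_type=authentication result=success user=alice device=D100
2024-06-01T09:00:05Z source=maas360 event_type=authentication result=failure user=alice device=D100
2024-06-01T09:02:10Z source=maas360 event_type=authentication result=success user=svc_hidden device=D100
2024-06-01T09:03:00Z source=maas360 event_type=authentication result=success user=bob device=D200
2024-06-01T09:04:00Z source=maas360 event_type=authentication result=success user=bob device=D201
2024-06-01T09:05:00Z source=maas360 event_type=authentication result=success user=bob device=D202
2024-06-01T09:06:00Z source=maas360 event_type=policy_change result=success user=bob device=D202
"""

AUTHORIZED_USERS = {"alice", "bob"}   # the "authorized_users" list from the SIEM query
MAX_DEVICES_PER_USER = 2              # threshold for "unusual" device spread; tune per fleet

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Return the key=value fields of one log line as a dict, with the timestamp under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["ts"] = ts
    return fields


def detect(log_text: str, authorized=AUTHORIZED_USERS, max_devices=MAX_DEVICES_PER_USER) -> list:
    """Scan successful authentication events and return a list of alert tuples.

    ("unauthorized_user", user, timestamp)     - success by an account not in the list
    ("too_many_devices", user, device_list)    - one account seen on more than max_devices
    """
    alerts = []
    devices_by_user = defaultdict(set)
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        # Only successful authentications matter for both indicators.
        if ev.get("event_type") != "authentication" or ev.get("result") != "success":
            continue
        user = ev.get("user", "")
        if user not in authorized:
            alerts.append(("unauthorized_user", user, ev["ts"]))
        devices_by_user[user].add(ev.get("device", ""))
    for user, devices in devices_by_user.items():
        if len(devices) > max_devices:
            alerts.append(("too_many_devices", user, ",".join(sorted(devices))))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

On the constructed sample this flags `svc_hidden` (a success by an account not on the list) and `bob` (three distinct devices against a threshold of two); the failed login and the policy-change event are ignored, since neither indicator is about them.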