Mobile device management: intruders at Mobile Guardian wipe thousands of devices
Intruders at Mobile Guardian, a provider of mobile device management, have remotely wiped thousands of devices.
Burglars have caused major damage to the IT systems of the UK company Mobile Guardian. In Singapore, for example, they remotely deleted thousands of devices that are managed using mobile device management software with a focus on the education sector.
The company operates internationally and offers management software for mobile devices in the education sector, for example for schools. Mobile Guardian has confirmed in a statement that there was a security incident on 4 August in which unauthorized access was gained to iOS and ChromeOS devices managed with the Mobile Guardian platform. The incident was not related to a configuration error at the end of July, which led to malfunctions of iPads managed in the Singapore instance.
MDM: Thousands of devices deleted remotely
On Sunday 4 August at around 4pm Central European Time, Mobile Guardian was alerted to suspicious activity and unauthorized access to the MDM platform. The IT security team immediately took steps to contain the incident and stopped the servers. The investigation into the intrusion is still ongoing. The Singapore Ministry of Education relies on the Mobile Guardian platform and reports around 13,000 pupils and students whose devices were deleted by the attackers. So far, there are no indications that user data has been accessed by the attackers.
In response, the Ministry of Education is removing the Mobile Guardian app from all iPads and Chromebooks for the time being. It is also endeavoring to restore the devices for normal use. It is also considering taking other measures to manage device usage to support learning.
However, Mobile Guardian explains that it is not just the Singapore instance that is affected, but the platform globally, including North America and Europe. The affected devices are only a small percentage of the systems managed worldwide. Due to the suspension of services, users are unable to log into the Mobile Guardian platform and students only have limited access to their devices. Those affected should contact their local IT admins so that they can reactivate the devices. However, Mobile Guardian has not yet reported on any possible ransom demands or further information.
(dmk)