SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Can ransomware infect an MS Exchange server by opening email on a phone?
Go
New
Find
Notify
Tools
Reply
  
Can ransomware infect an MS Exchange server by opening email on a phone? Login/Join 
Oz_Shadow
Go Vols!
Picture of Oz_Shadow
posted
This is just my personal research.

Can checking email on a phone connected to a MS Exchange server trigger ransomware and viruses on the actual MS Exchange Server?

I think it is 2013, located in house.

I suspect one person is opening every single email that comes in on the device.
 
Posts: 17944 | Location: SE Michigan | Registered: February 10, 2007Reply With QuoteReport This Post
smschulz
quarter MOA visionary
Picture of smschulz
posted Hide Post
I don't see how unless the phone has the ability to control the server or DC or put files on those servers that can control it.
 
Posts: 23410 | Location: Houston, TX | Registered: June 11, 2006Reply With QuoteReport This Post
ensigmatic
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
quote:
Originally posted by smschulz:
I don't see how unless the phone has the ability to control the server or DC or put files on those servers that can control it.

This ^^^^^, I should think.

(N.B.: If anybody would know, smschulz would be the guy.)


"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26031 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
grumpy1
Member
Picture of grumpy1
posted Hide Post
Assuming best security practices are followed on the server, which built in tools can help evaluate, and the user's credentials are not in the administrators group directly or through nested groups for the server/domain then I would think not. Advanced logging on the server should be able to help track it down.
 
Posts: 9927 | Location: Northern Illinois | Registered: March 20, 2009Reply With QuoteReport This Post
architect
Optimistic Cynic
Picture of architect
posted Hide Post
Is it possible? Of course.

Is it likely? IMO, not so much.

Consider what has to happen:

1) the phone's mailer fetches the mail message to on-phone storage, e.g. via IMAP.

2) the mailer on the phone displays the message to the phone user, and in the process of doing so executes the malware payload. The mailer on the phone has to be configured to allow automatic execution of embedded content, java, scripts, etc. The payload must be written in code that the phone and its OS can run, and that code must have sufficient function to perform the necessary operations. HTML, for one, does not have the required operators.

3) The executed payload must write to the file system on the mail server (or some other file server), "infecting" the server, or encrypting files on the server's disk. This means some server connection other than mail must be present to allow the phone to access a network file system, there is no "auto-writeback" in the mail protocol itself.

Doing this seems to present a high enough degree of difficulty, and low enough chance of success that few would attempt this path of compromise.
 
Posts: 6934 | Location: NoVA | Registered: July 22, 2009Reply With QuoteReport This Post
  Powered by Social Strata  
 

SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Can ransomware infect an MS Exchange server by opening email on a phone?

© SIGforum 2024