Having fun while learning about and pivoting into the world of DFIR.
by ogmini
Read some news about Mercedes-Benz integrating Microsoft Teams, Intune, and Copilot into MBUX/MB.OS. https://media.mercedes-benz.com/article/931e7af1-2d57-4e90-9e1e-252289e70648. Sounds like a very interesting research project for someone with both the money to buy a Mercedes-Benz CLA and the resources to tear one apart. See how it works, what could be exploited, and what digital artifacts could be recovered.
I would be interested to see how a user authenticates with the applications. Could a bad actor with a cloned key gain access to the user’s MS Teams? Or is there some sort of authentication mechanism like MFA every time they want to use the apps? I look forward to the future research articles.
What happens if the organization itself gets compromised and a bad actor gets access to Intune itself? What can they do to the car? Is it purely being able to wipe the endpoint?
Interesting Links: