iPhone Mirroring at work may expose employees’ personal information

by jjguy on 10/8/2024, 1:11 PM with 73 comments

by dml2135 on 10/8/2024, 1:58 PM

Don’t you need to be signed in to the same iCloud account on both your laptop and phone to use this feature? That would mean that in order to encounter this issue you already need to be using a work account on a personal device, or vice versa.

Since that’s the case I fail to see how this is a large vulnerability. The article doesn’t seem to address this point (possible I just missed this).

by sigio on 10/8/2024, 1:52 PM

Duh, don't mix work and private devices / data

by mustyoshi on 10/8/2024, 2:57 PM

The PSA should just be don't mix your personal and work devices.

by notinmykernel on 10/19/2024, 5:50 AM

FYI: Amazon has been doing this to all employees who download any work-related apps, since at least 2020.

by deckar01 on 10/8/2024, 2:03 PM

There also seems to be a bug in the VPN that requires sending all traffic when the VPN address is on a different subnet. It should be possible to manually specify subnet mask, but it seems to be ignored. I’m not sure if the VPN is advertising this incorrectly, but it worked fine before upgrading.

by Havoc on 10/8/2024, 6:42 PM

Two phones all the way. For most knowledge workers the cost of a mid-tier iPhone is inconsequential anyway.

by dcchambers on 10/8/2024, 3:42 PM

I miss out on a lot of nice macOS features because I refuse to sign into my personal iCloud account on my work Mac, even though we are allowed to do so.

Oh well. Gotta draw the line somewhere I guess.

by likeabatterycar on 10/8/2024, 2:53 PM

So the threshold of concern by a "security" company is "they might audit your apps and find out you're gay!"

Yet not a single concern about tethering an iPhone (with an external connection) to a PC on the company's internal network, bypassing all firewalls, proxies, and other protections. That is grounds for immediate dismissal at some places.

I expect security people to think more like network engineers and less like teenagers gossiping in the canteen.

by lxgr on 10/8/2024, 3:13 PM

Speaking of iPhone Mirroring: Doesn't this effectively downgrade two-factor authentication to a single factor for flows like "tap 'yes' on your phone to login"?

I've been wondering if there is a way for iOS authenticator apps to opt out of mirroring, but haven't found anything so far.

by seneca on 10/8/2024, 2:04 PM

It's incredible to me how many people log into personal accounts on work devices. People should really research the amount of data security tools harvest.

by ein0p on 10/8/2024, 7:44 PM

Anyone who uses their personal iPhone and/or iCloud account for work is a moron.