Are iOS MDM profile config file meant to be public?

Question

Below is my sample MDM profile.mobileconfig file.

<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
    <dict>
        <key>AccessRights</key>
        <integer>8191</integer>
        <key>CheckInURL</key>
        <string> [my url] </string>
        <key>CheckOutWhenRemoved</key>
        <true/>
        <key>PayloadDescription</key>
        <string>Configures Mobile Device Management</string>
        <key>PayloadDisplayName</key>
        <string>Mobile Device Management</string>
        <key>PayloadIdentifier</key>
        <string>com.mytests.mdm</string>
        <key>PayloadOrganization</key>
        <string> [my organisation] </string>
        <key>PayloadType</key>
        <string>com.apple.mdm</string>
        <key>PayloadUUID</key>
        <string> [my payload] </string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>ServerURL</key>
        <string> [my url] </string>
        <key>SignMessage</key>
        <true/>
        <key>Topic</key>
        <string>com.novabase.mdm.pushcert</string>
        <key>UseDevelopmentAPNS</key>
        <true/>
    </dict>
</array>
<key>PayloadDescription</key>
<string>Profile description.</string>
<key>PayloadDisplayName</key>
<string>MDM test</string>
<key>PayloadIdentifier</key>
<string>com.mytests.mdm</string>
<key>PayloadOrganization</key>
<string> [my organisation] </string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>11-22-33-44</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Password</key>
<string>123456</string>
<key>PayloadCertificateFileName</key>
<string>mdmkey.p12</string>
<key>PayloadContent</key>
<data>MY SIGNING KEY HERE
</data>
<key>PayloadDescription</key>
<string>Adds a PKCS-12 certificate</string>
<key>PayloadDisplayName</key>
<string>mdmkey.p12</string>
</dict>
</plist>

In the above file you could see my password and p12 signing key. By seeing this I'm curious whether this file is meant to be public ?

If this should be kept private,

1. What are all the steps I should take to keep this file private and secure ?
2. what can a malicious hacker do if he gets access to the above file ? OR What are all the actions one can do if he gets access to this file ?
3. What are all the actions I should take to keep myself secure if my mdm profile file is accessed by a hacker ?

Answer 1

So technically iOS would (should?) refuse MDM profile install if it is not delivered over SSL.

Therefore, barring any MiTM attacks, corporate proxies etc. you have at least the SSL protection of your certificate and password.

However, others have been concerned about this as you are, and so iOS supports SCEP key delivery since pretty much iOS 5, where the device generates private keys and server signs the certificate so the server has only the public key.

So to answer your questions:

1. Instead of sending certificate and password, use SCEP
2. If an attacker gets ahold of private keys (the whole certificate contains private keys) they can then decrypt configuration profiles that are installed via MDM commands from the server. The payloads may contain sensitive information (VPN/Email passwords, other certificates etc.)
3. Practically speaking i imagine it is hard to know whether a cert has been accessed by a hacker. You should monitor for irregular behaviour as a general risk mitagation strategy (e.g. multiple concurrent requests from geo dispersed IP addresses, command replays, missing certificate in response to CertificateList command)