cti/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json

{
    "type": "bundle",
    "id": "bundle--4ffd2d57-38e9-48cb-8720-5c59e8dcd477",
    "spec_version": "2.0",
    "objects": [
        {
            "x_mitre_platforms": [
                "Android",
                "iOS"
            ],
            "x_mitre_domains": [
                "mobile-attack"
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "type": "attack-pattern",
            "id": "attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1",
            "created": "2017-10-25T14:48:17.886Z",
            "x_mitre_version": "2.0",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "external_id": "T1446",
                    "url": "https://attack.mitre.org/techniques/T1446"
                },
                {
                    "source_name": "Xiao-KeyRaider",
                    "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/",
                    "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. Retrieved December 12, 2016."
                },
                {
                    "source_name": "Android resetPassword",
                    "url": "https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#resetPassword(java.lang.String,%20int)",
                    "description": "Google. (n.d.). DevicePolicyManager. Retrieved October 1, 2019."
                },
                {
                    "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-28.html",
                    "source_name": "NIST Mobile Threat Catalogue",
                    "external_id": "APP-28"
                }
            ],
            "x_mitre_deprecated": false,
            "revoked": true,
            "description": "An adversary may seek to lock the legitimate user out of the device, for example to inhibit user interaction or to obtain a ransom payment.\n\nOn Android versions prior to 7, apps can abuse Device Administrator access to reset the device lock passcode to prevent the user from unlocking the device. After Android 7, only device or profile owners (e.g. MDMs) can reset the device\u2019s passcode.(Citation: Android resetPassword)\n\nOn iOS devices, this technique does not work because mobile device management servers can only remove the screen lock passcode, they cannot set a new passcode. However, on jailbroken devices, malware has been discovered that can lock the user out of the device.(Citation: Xiao-KeyRaider)",
            "modified": "2022-04-01T18:49:51.039Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "name": "Device Lockout",
            "x_mitre_detection": "On Android, users can review which applications have device administrator access in the device settings, and revoke permission where appropriate.",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "mitre-mobile-attack",
                    "phase_name": "impact"
                },
                {
                    "kill_chain_name": "mitre-mobile-attack",
                    "phase_name": "defense-evasion"
                }
            ],
            "x_mitre_is_subtechnique": false,
            "x_mitre_tactic_type": [
                "Post-Adversary Device Access"
            ],
            "x_mitre_attack_spec_version": "2.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}