The adversary is trying to gain higher-level permissions.
Privilege escalation includes techniques that allow an attacker to obtain a higher level of permissions on the mobile device. Attackers may enter the mobile device with very limited privileges and may be required to take advantage of a device weakness to obtain higher privileges necessary to successfully carry out their mission objectives.
ID | Name | Description | |
T1540 | Code Injection | Adversaries may use code injection attacks to implant arbitrary code into the address space of a running application. Code is then executed or interpreted by that application. Adversaries utilizing this technique may exploit capabilities to load code in at runtime through dynamic libraries. | |
T1401 | Device Administrator Permissions | Adversaries may request device administrator permissions to perform malicious actions. | |
T1404 | Exploit OS Vulnerability | A malicious app can exploit unpatched vulnerabilities in the operating system to obtain escalated privileges. | |
T1405 | Exploit TEE Vulnerability | A malicious app or other attack vector could be used to exploit vulnerabilities in code running within the Trusted Execution Environment (TEE) . The adversary could then obtain privileges held by the TEE potentially including the ability to access cryptographic keys or other sensitive data . Escalated operating system privileges may be first required in order to have the ability to attack the TEE . If not, privileges within the TEE can potentially be used to exploit the operating system . |