1. Home
  2. Techniques
  3. Mobile
  4. Access Calendar Entries

Access Calendar Entries

An adversary could call standard operating system APIs from a malicious application to gather calendar entry data, or with escalated privileges could directly access files containing calendar data.

ID: T1435
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Collection
Platforms: Android, iOS
MTC ID: APP-13
Version: 1.0
Created: 25 October 2017
Last Modified: 17 October 2018

Procedure Examples

ID Name Description
S0405 Exodus

Exodus Two can exfiltrate calendar events.[1]

S0408 FlexiSpy

FlexiSpy can collect the device calendars.[2]
S0407 Monokle

Monokle can retrieve calendar event information including the event name, when and where it is taking place, and the description.[3]

S0316 Pegasus for Android

Pegasus for Android accesses calendar entries.[4]
S0328 Stealth Mango

Stealth Mango uploads calendar events and reminders.[5]

Mitigations

ID Mitigation Description
M1005 Application Vetting

On Android, accessing device calendar data requires that the app hold the READ_CALENDAR permission. Apps that request this permission could be closely scrutinized to ensure that the request is appropriate. On iOS, the app vetting process can determine whether apps access device calendar data, with extra scrutiny applied to any that do so.

Detection

On both Android (6.0 and up) and iOS, the user can view which applications have permission to access calendar information through the device settings screen, and the user can choose to revoke the permissions.

References

  1. Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.
  2. Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.
  3. Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.
  1. Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.
  2. Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.