Adversaries may exploit software vulnerabilities to gain initial access to a mobile device.
This can be accomplished in a variety of ways. Vulnerabilities may be present in applications, services, the underlying operating system, or in the kernel itself. Several well-known mobile device exploits exist, including FORCEDENTRY, StageFright, and BlueBorne. Further, some vulnerabilities can be exploited without any user interaction (zero-click), making them particularly dangerous. Mobile operating system vendors are typically very quick to patch such critical bugs, leaving only a small window in which they can be exploited.
ID | Name | Description |
---|---|---|
S1094 | BRATA | BRATA has abused WhatsApp vulnerability CVE-2019-3568 to achieve initial access.[1] |
S0289 | Pegasus for iOS | Pegasus for iOS has used zero-day iMessage exploits for initial access.[2] |
ID | Mitigation | Description |
---|---|---|
M1058 | Antivirus/Antimalware | Mobile security products can potentially detect if a device is vulnerable to a known exploit and can alert the user to update their device. |
M1001 | Security Updates | Security updates frequently contain patches for known software vulnerabilities. |
ID | Data Source | Data Component | Detects |
---|---|---|---|
DS0013 | Sensor Health | Host Status | Mobile security products can often alert the user if their device is vulnerable to known exploits. |