Enable remote attestation capabilities when available (such as Android SafetyNet or Samsung Knox TIMA Attestation) and prohibit devices that fail the attestation from accessing enterprise resources.

Domain | ID | Name | Use
---|---|---|---
Mobile | T1398 | Boot or Logon Initialization Scripts | Device attestation could detect devices with unauthorized or unsafe modifications.
Mobile | T1623 | Command and Scripting Interpreter | Device attestation can often detect jailbroken or rooted devices.
Mobile | T1623.001 | Unix Shell | Device attestation can often detect jailbroken or rooted devices.
Mobile | T1645 | Compromise Client Software Binary | Device attestation could detect devices with unauthorized or unsafe modifications.
Mobile | T1634 | Credentials from Password Store | Device attestation can often detect jailbroken devices.
Mobile | T1634.001 | Keychain | Device attestation can often detect jailbroken devices.
Mobile | T1404 | Exploitation for Privilege Escalation | Device attestation can often detect jailbroken or rooted devices.
Mobile | T1625 | Hijack Execution Flow | Device attestation could detect unauthorized operating system modifications.
Mobile | T1625.001 | System Runtime API Hijacking | Device attestation could detect unauthorized operating system modifications.
Mobile | T1617 | Hooking | Device attestation can often detect rooted devices.
Mobile | T1630 | Indicator Removal on Host | Attestation can detect unauthorized modifications to devices. Mobile security software can then use this information and take appropriate mitigation action.
Mobile | T1630.001 | Uninstall Malicious Application | Attestation can detect rooted devices. Mobile security software can then use this information and take appropriate mitigation action.
Mobile | T1424 | Process Discovery | Attestation can typically detect rooted devices. For MDM-enrolled devices, action can be taken if a device fails an attestation check.