Lock Bootloader

On devices that provide the capability to unlock the bootloader (hence allowing any operating system code to be flashed onto the device), perform periodic checks to ensure that the bootloader is locked.

ID: M1003
Version: 1.0
Created: 25 October 2017
Last Modified: 17 October 2018

Techniques Addressed by Mitigation

| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1398 | Boot or Logon Initialization Scripts | A locked bootloader could prevent unauthorized modifications to protected operating system files. |
| Mobile | T1645 | Compromise Client Software Binary | A locked bootloader could prevent unauthorized modifications of protected operating system files. |
| Mobile | T1458 | Replication Through Removable Media | Users should ensure bootloaders are locked to prevent arbitrary operating system code from being flashed onto the device. |
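
One way to automate the periodic check described at the top of this page, as an added example that is not part of the ATT&CK entry. It assumes an Android device reachable over `adb` and the standard verified-boot properties `ro.boot.flash.locked`, `ro.boot.vbmeta.device_state` and `ro.boot.verifiedbootstate`; the sample dumps are constructed.

```shell
#!/bin/sh
# Classify Android bootloader lock state from `getprop` output on stdin.
# Prints LOCKED, UNLOCKED or UNKNOWN.
# Assumption: the device exposes the standard verified-boot properties below;
# some vendor builds omit them, which yields UNKNOWN.

# Print the value of property $1 from "[key]: [value]" lines on stdin.
prop_value() {
    awk -v key="[$1]:" '$1 == key { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

bootloader_state() {
    dump=$(tr -d '\r')    # adb output may carry CR line endings
    flash=$(printf '%s\n' "$dump" | prop_value ro.boot.flash.locked)
    vbmeta=$(printf '%s\n' "$dump" | prop_value ro.boot.vbmeta.device_state)
    vboot=$(printf '%s\n' "$dump" | prop_value ro.boot.verifiedbootstate)

    # Fail closed: any single unlocked indicator outweighs locked ones.
    if [ "$flash" = "0" ] || [ "$vbmeta" = "unlocked" ] || [ "$vboot" = "orange" ]; then
        echo UNLOCKED
    elif [ "$flash" = "1" ] || [ "$vbmeta" = "locked" ]; then
        echo LOCKED
    else
        echo UNKNOWN      # no usable property: treat as non-compliant
    fi
}

# Constructed sample dumps (not captured from real devices).
SAMPLE_LOCKED='[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [green]'
SAMPLE_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]'
SAMPLE_CONFLICT='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [orange]'

# Live use from a scheduled job: sh check.sh --device
if [ "${1:-}" = "--device" ]; then
    state=$(adb shell getprop | bootloader_state)
    echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) bootloader=$state"
    [ "$state" = "LOCKED" ] || exit 1
fi
```

Because these properties are reported by the device itself, a compromised operating system could misreport them; hardware-backed attestation is the stronger signal where the management platform supports it.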