Deploy Compromised Device Detection Method

Enterprises can identify compromised (e.g. rooted or jailbroken) devices in a variety of ways: security mechanisms built directly into the device, third-party mobile security applications, enterprise mobility management (EMM)/mobile device management (MDM) capabilities, or other methods. Some methods may be trivial to evade while others may be more sophisticated.

ID: M1010
Version: 1.0
Created: 25 October 2017
Last Modified: 17 October 2018

Techniques Addressed by Mitigation

| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1605 | Command-Line Interface | Mobile security products can often detect jailbroken or rooted devices. |
| Mobile | T1446 | Device Lockout | |
| Mobile | T1579 | Keychain | Mobile security products can potentially detect jailbroken devices and take responsive action. |