Privilege Escalation

The adversary is trying to gain higher-level permissions.

Privilege escalation includes techniques that allow an attacker to obtain a higher level of permissions on the mobile device. Attackers may enter the mobile device with very limited privileges and may be required to take advantage of a device weakness to obtain higher privileges necessary to successfully carry out their mission objectives.

ID: TA0029
Created: 17 October 2018
Last Modified: 27 January 2020


Techniques: 4
| ID | Name | Description |
|----|------|-------------|
| T1540 | Code Injection | Adversaries may use code injection attacks to implant arbitrary code into the address space of a running application. Code is then executed or interpreted by that application. Adversaries utilizing this technique may exploit capabilities to load code in at runtime through dynamic libraries. |
| T1401 | Device Administrator Permissions | Adversaries may request device administrator permissions to perform malicious actions. |
| T1404 | Exploit OS Vulnerability | A malicious app can exploit unpatched vulnerabilities in the operating system to obtain escalated privileges. |
| T1405 | Exploit TEE Vulnerability | A malicious app or other attack vector could be used to exploit vulnerabilities in code running within the Trusted Execution Environment (TEE). The adversary could then obtain privileges held by the TEE potentially including the ability to access cryptographic keys or other sensitive data. Escalated operating system privileges may be first required in order to have the ability to attack the TEE. If not, privileges within the TEE can potentially be used to exploit the operating system. |