The sub-techniques beta is now live! Read the release blog post for more info.

Exploit TEE Vulnerability

A malicious app or other attack vector could be used to exploit vulnerabilities in code running within the Trusted Execution Environment (TEE) [1]. The adversary could then obtain privileges held by the TEE potentially including the ability to access cryptographic keys or other sensitive data [2]. Escalated operating system privileges may be first required in order to have the ability to attack the TEE [3]. If not, privileges within the TEE can potentially be used to exploit the operating system [4].

ID: T1405
Tactic Type: Post-Adversary Device Access
Tactic: Credential Access, Privilege Escalation
Platform: Android
MTC ID: APP-27
Version: 1.0
Created: 25 October 2017
Last Modified: 17 October 2018

Mitigations

Mitigation Description
Application Vetting
Security Updates
Use Recent OS Version

References