System Information Discovery

An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, and architecture.

On Android, much of this information is programmatically accessible to applications through the android.os.Build class[1].

On iOS, techniques exist for applications to programmatically access this information[2].

ID: T1426

Tactic Type:  Post-Adversary Device Access

Tactic: Discovery

Platform:  Android, iOS

Version: 1.1

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

Examples

Name Description
ANDROIDOS_ANSERVER.A

ANDROIDOS_ANSERVER.A gathers the device OS version.[3]

KeyRaider

Most KeyRaider samples search to find the Apple account's username, password and device's GUID in data being transferred.[4]

Pallas

Pallas queries the device for metadata, such as device ID, OS version, and the number of cameras.[5]

Pegasus for iOS

Pegasus for iOS monitors the victim for status and disables other access to the phone by other jailbreaking software.[6]

RuMMS

RuMMS gathers device model and operating system version information and transmits it to a command and control server.[7]

References