Lock User Out of Device
An adversary may seek to lock the legitimate user out of the device, for example until a ransom is paid.
On Android versions prior to 7, apps can abuse Device Administrator access to reset the device lock passcode to lock the user out of the device.
On iOS devices, this technique does not work because mobile device management servers can only remove the screen lock passcode; they cannot set a new passcode. However, on jailbroken devices, malware has been demonstrated that can lock the user out of the device.
|Application Vetting||It is rare for applications to utilize Device Administrator access. App vetting can detect apps that do so, and those apps should be closely scrutinized. Maggi and Zanero describe a static analysis approach that can be used to identify ransomware apps, including apps that abuse Device Administrator access.|
|Caution with Device Administrator Access|
|Deploy Compromised Device Detection Method|
|Use Recent OS Version|
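As an added illustration of the Application Vetting row (not code from this page and not Maggi and Zanero's tool), the following sketch flags Device Administrator receivers in an app's manifest and checks whether the requested policies include passcode reset or forced lock. It assumes the manifest and policy file have already been decoded to text XML; the function names, the sample package and the sample XML are constructed for this example.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
LOCKOUT_POLICIES = {"reset-password", "force-lock"}

# Constructed samples: decoded (text) AndroidManifest.xml and device-admin policy XML.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="22"/>
  <application>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
          android:resource="@xml/admin_policies"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
SAMPLE_POLICIES = """<device-admin>
  <uses-policies><force-lock/><reset-password/><watch-login/></uses-policies>
</device-admin>"""

def admin_receivers(manifest_xml):
    """Names of receivers declared as Device Administrator components."""
    names = []
    for rcv in ET.fromstring(manifest_xml).iter("receiver"):
        guarded = rcv.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN"
        has_meta = any(m.get(A + "name") == "android.app.device_admin"
                       for m in rcv.iter("meta-data"))
        if guarded and has_meta:
            names.append(rcv.get(A + "name"))
    return names

def vet(manifest_xml, policies_xml=None):
    """Vetting summary: admin receivers, lock-out policies, pre-Android-7 reach."""
    sdk = ET.fromstring(manifest_xml).find("uses-sdk")
    min_sdk = int(sdk.get(A + "minSdkVersion", "1")) if sdk is not None else 1
    node = ET.fromstring(policies_xml).find("uses-policies") if policies_xml else None
    requested = {p.tag for p in node} if node is not None else set()
    receivers = admin_receivers(manifest_xml)
    return {
        "admin_receivers": receivers,
        "lockout_policies": sorted(requested & LOCKOUT_POLICIES),
        "installs_before_android_7": min_sdk < 24,  # API 24 = Android 7.0
        "needs_review": bool(receivers),
    }

if __name__ == "__main__":
    print(vet(SAMPLE_MANIFEST, SAMPLE_POLICIES))
```

When the XML comes from untrusted APKs, a hardened parser such as `defusedxml` is a safer drop-in than the standard-library `ElementTree` used here.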
- Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016.
- Federico Maggi and Stefano Zanero. (2016). Pocket-Sized Badness - Why Ransomware Comes as a Plot Twist in the Cat-Mouse Game. Retrieved December 21, 2016.