1. Home
  2. Techniques
  3. Mobile
  4. Account Access Removal

Account Access Removal

Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: credentials changed) to remove access to accounts.

ID: T1640
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Impact
Platforms: Android
Version: 1.1
Created: 06 April 2022
Last Modified: 15 March 2023
Version Permalink

Procedure Examples

ID Name Description
S0407 Monokle

Monokle can reset the user's password/PIN.[1]

Mitigations

ID Mitigation Description
M1011 User Guidance

Users should be taught that Device Administrator permissions are very dangerous, and very few applications need it.

Detection

ID Data Source Data Component Detects
DS0041 Application Vetting Permissions Requests

Application vetting services could closely scrutinize applications that request Device Administrator permissions.

References

  1. Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.