Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
On Android versions prior to 7, apps can abuse Device Administrator access to reset the device lock passcode, preventing the user from unlocking the device. After Android 7, only device or profile owners (e.g. MDMs) can reset the device’s passcode.
On iOS devices, this technique does not work because mobile device management servers can only remove the screen lock passcode; they cannot set a new passcode. However, on jailbroken devices, malware has been discovered that can lock the user out of the device.
|M1006||Use Recent OS Version||
Android 7 changed how the Device Administrator password APIs function.
Users should be cautioned against granting administrative access to applications.
On Android, users can review which applications have Device Administrator access in the device settings and revoke permission where appropriate. Application vetting services can detect and closely scrutinize applications that utilize Device Administrator access.