Adversaries may exploit software vulnerabilities to gain initial access to a mobile device.
This can be accomplished in a variety of ways. Vulnerabilities may be present in the applications, the services, the underlying operating system, or the kernel itself. Several well-known mobile device exploits exist, including FORCEDENTRY, StageFright, and BlueBorne. Furthermore, some vulnerabilities can be exploited without any user interaction (i.e., zero-click exploits; see Exploitation for Client Execution), making them particularly dangerous. Mobile operating system vendors are typically very quick to patch such critical bugs, leaving only a small window in which they can be exploited.
| ID | Name | Description |
|---|---|---|
| S1094 | BRATA | BRATA has abused WhatsApp vulnerability CVE-2019-3568 to achieve initial access.[1] |
| S0289 | Pegasus for iOS | Pegasus for iOS has used zero-day iMessage exploits for initial access.[2] |
| ID | Mitigation | Description |
|---|---|---|
| M1058 | Antivirus/Antimalware | Mobile security products can potentially detect if a device is vulnerable to a known exploit and can alert the user to update their device. |
| M1001 | Security Updates | Security updates frequently contain patches for known software vulnerabilities. |
| ID | Name | Analytic ID | Analytic Description |
|---|---|---|---|
| DET0666 | Detection of Exploitation for Initial Access | AN1760 | Mobile security products can often alert the user if their device is vulnerable to known exploits. |
| | | AN1761 | Mobile security products can often alert the user if their device is vulnerable to known exploits. |
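Both the mitigations (M1001 Security Updates, M1058 Antivirus/Antimalware) and the detection analytics (AN1760, AN1761) above come down to one check: comparing what a device actually runs against the versions in which known vulnerabilities were fixed, and noticing when a device has fallen behind on security patches. The following Python script is an added example, not part of the ATT&CK page or of any security product; it performs that check for a small constructed fleet. The advisory identifiers (`EXAMPLE-APP-1`, `EXAMPLE-OS-1`), fixed versions, device records, report date and the 90-day patch-age threshold are all constructed assumptions, and the fixed versions are not any vendor's real fixed builds. A real advisory such as the page's CVE-2019-3568 would be one entry of this kind, with the fixed version taken from the vendor advisory.

```python
"""Patch-exposure check for a mobile device fleet (added example, not MITRE content).

Assumed model: each advisory names a component (an app package, or "os" for the
platform itself), the platform it applies to, and the first version carrying the
fix. A device is flagged when it runs an older version of that component, or when
its security patch level is older than a configurable threshold. All advisory and
device data below is constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import date


@dataclass(frozen=True)
class Advisory:
    ref: str            # advisory or CVE identifier (placeholders here)
    component: str      # app package name, or "os" for the platform itself
    platform: str       # "android" or "ios"
    fixed_version: str  # first version that contains the fix (constructed)
    note: str = ""


@dataclass
class Device:
    device_id: str
    platform: str
    os_version: str
    security_patch: date                       # security patch level of the device
    apps: dict = field(default_factory=dict)   # package name -> installed version


def parse_version(v: str) -> tuple:
    """Turn '2.19.134' into (2, 19, 134) so versions compare numerically, not as strings.
    Non-digit characters in a component (e.g. '3-beta') are dropped; empty components count as 0."""
    parts = []
    for p in v.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_below(installed: str, fixed: str) -> bool:
    """True when installed < fixed; shorter tuples are padded with zeros ('16' == '16.0')."""
    a, b = parse_version(installed), parse_version(fixed)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def assess_device(dev: Device, advisories, today: date, max_patch_age_days: int = 90) -> list:
    """Return human-readable findings for one device: unpatched components and stale patch level."""
    findings = []
    for adv in advisories:
        if adv.platform != dev.platform:
            continue
        if adv.component == "os":
            installed = dev.os_version
        else:
            installed = dev.apps.get(adv.component)
            if installed is None:
                continue  # component not installed, nothing to patch
        if is_below(installed, adv.fixed_version):
            findings.append(f"{adv.ref}: {adv.component} {installed} is below fixed {adv.fixed_version}")
    age = (today - dev.security_patch).days
    if age > max_patch_age_days:
        findings.append(f"security patch level {dev.security_patch} is {age} days old")
    return findings


def assess_fleet(devices, advisories, today: date) -> dict:
    """Map each device id to its findings; an empty list means nothing to report."""
    return {d.device_id: assess_device(d, advisories, today) for d in devices}


# Constructed advisory table (placeholder ids and versions, not real vendor data).
ADVISORIES = [
    Advisory("EXAMPLE-APP-1", "com.whatsapp", "android", "2.20.0",
             "placeholder for an app-level advisory such as CVE-2019-3568"),
    Advisory("EXAMPLE-OS-1", "os", "ios", "16.6",
             "placeholder for an OS-level advisory"),
]

# Constructed device inventory.
DEVICES = [
    Device("d1", "android", "13", date(2024, 1, 1), {"com.whatsapp": "2.19.100"}),
    Device("d2", "ios", "16.5", date(2023, 6, 1)),
    Device("d3", "android", "14", date(2024, 2, 5), {"com.whatsapp": "2.24.1"}),
]

# Fixed report date so the patch-age check is reproducible (constructed).
REPORT_DATE = date(2024, 3, 1)

if __name__ == "__main__":
    for device_id, findings in assess_fleet(DEVICES, ADVISORIES, REPORT_DATE).items():
        print(device_id, "OK" if not findings else "; ".join(findings))
```

Running it reports `d1` for the outdated app, `d2` for both the outdated OS and a patch level nine months old, and `d3` as clean. The numeric version comparison matters: a plain string comparison would rank `2.19.100` above `2.20.0`, and `16.5` above `16.6` only by luck, which is exactly the kind of mistake that makes a fleet look patched when it is not.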