Skip to content

M1002 Attestation

Enable remote attestation capabilities when available (such as Android SafetyNet or Samsung Knox TIMA Attestation) and prohibit devices that fail the attestation from accessing enterprise resources.

Item Value
ID M1002
Version 1.0
Created 18 October 2019
Last Modified 18 October 2019
Navigation Layer View In ATT&CK® Navigator

Techniques Addressed by Mitigation

Domain ID Name Use
mobile T1605 Command-Line Interface Device attestation can often detect jailbroken or rooted devices.
mobile T1617 Hooking Device attestation can often detect rooted devices.
mobile T1398 Modify OS Kernel or Boot Partition -
mobile T1576 Uninstall Malicious Application Attestation can detect rooted devices.
Back to top