M1004 System Partition Integrity
Ensure that Android devices being used include and enable the Verified Boot capability, which cryptographically ensures the integrity of the system partition.
| Item | Value |
|---|---|
| ID | M1004 |
| Version | 1.0 |
| Created | 25 October 2017 |
| Last Modified | 17 October 2018 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Addressed by Mitigation
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1398 | Boot or Logon Initialization Scripts | Android and iOS include system partition integrity mechanisms that could detect unauthorized modifications. |
| mobile | T1645 | Compromise Client Software Binary | Android includes system partition integrity mechanisms that could detect unauthorized modifications. |
| mobile | T1625 | Hijack Execution Flow | Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.1 |
| mobile | T1625.001 | System Runtime API Hijacking | Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.1 |
| mobile | T1629 | Impair Defenses | System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files. |
| mobile | T1629.003 | Disable or Modify Tools | System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files. |
| mobile | T1474 | Supply Chain Compromise | - |
| mobile | T1474.003 | Compromise Software Supply Chain | Ensure Verified Boot is enabled on devices with that capability. |