TA0029 Privilege Escalation
The adversary is trying to gain higher-level permissions.
Privilege escalation includes techniques that allow an attacker to obtain a higher level of permissions on the mobile device. Attackers may enter the mobile device with very limited privileges and may be required to take advantage of a device weakness to obtain higher privileges necessary to successfully carry out their mission objectives.
| Created | 17 October 2018 |
| Last Modified | 27 January 2020 |

| ID | Name | Description |
|---|---|---|
| T1540 | Code Injection | Adversaries may use code injection attacks to implant arbitrary code into the address space of a running application. Code is then executed or interpreted by that application. Adversaries utilizing this technique may exploit capabilities to load code in at runtime through dynamic libraries. |
| T1401 | Device Administrator Permissions | Adversaries may request device administrator permissions to perform malicious actions. |
| T1404 | Exploit OS Vulnerability | A malicious app can exploit unpatched vulnerabilities in the operating system to obtain escalated privileges. |
| T1405 | Exploit TEE Vulnerability | A malicious app or other attack vector could be used to exploit vulnerabilities in code running within the Trusted Execution Environment (TEE). The adversary could then obtain privileges held by the TEE potentially including the ability to access cryptographic keys or other sensitive data. Escalated operating system privileges may be first required in order to have the ability to attack the TEE. If not, privileges within the TEE can potentially be used to exploit the operating system. |