Skip to content

T1399 Modify Trusted Execution Environment

If an adversary can escalate privileges, he or she may be able to use those privileges to place malicious code in the device’s Trusted Execution Environment (TEE) or other similar isolated execution environment where the code can evade detection, may persist after device resets, and may not be removable by the device user. Running code within the TEE may provide an adversary with the ability to monitor or tamper with overall device behavior.1

Item Value
ID T1399
Sub-techniques
Tactics TA0030, TA0028
Platforms Android
Version 1.1
Created 25 October 2017
Last Modified 03 February 2019

Mitigations

ID Mitigation Description
M1001 Security Updates -

References

  1. Thomas Roth. (2013). Next generation mobile rootkits. Retrieved December 21, 2016. 

  2. Apple. (2016, May). iOS Security. Retrieved December 21, 2016. 

Back to top