Skip to content

T1430.001 Remote Device Management Services

An adversary may use access to cloud services (e.g. Google’s Android Device Manager or Apple iCloud’s Find my iPhone) or to an enterprise mobility management (EMM)/mobile device management (MDM) server console to track the location of mobile devices managed by the service.1

Item Value
ID T1430.001
Sub-techniques T1430.001, T1430.002
Tactics TA0035, TA0032
Platforms Android, iOS
Version 1.1
Created 05 April 2022
Last Modified 20 March 2023

Mitigations

ID Mitigation Description
M1012 Enterprise Policy If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment.
M1011 User Guidance Users should protect their account credentials and enable multi-factor authentication options when available.

Detection

ID Data Source Data Component
DS0042 User Interface System Notifications

References

  1. Brian Krebs. (2018, May 17). Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site. Retrieved November 8, 2018.