T1430.001 Remote Device Management Services
An adversary may use access to cloud services (e.g. Google’s Android Device Manager or Apple iCloud’s Find my iPhone) or to an enterprise mobility management (EMM)/mobile device management (MDM) server console to track the location of mobile devices managed by the service.
Mitigations
ID |
Mitigation |
Description |
M1012 |
Enterprise Policy |
If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. |
M1011 |
User Guidance |
Users should protect their account credentials and enable multi-factor authentication options when available. |
Detection
References