T1461 Lockscreen Bypass
An adversary with physical access to a mobile device may seek to bypass the device’s lockscreen.
Biometric Spoofing
If biometric authentication is used, an adversary could attempt to spoof a mobile device’s biometric authentication mechanism123.
iOS partly mitigates this attack by requiring the device passcode rather than a fingerprint to unlock the device after every device restart and after 48 hours since the device was last unlocked 4. Android has similar mitigations.
Device Unlock Code Guessing or Brute Force
An adversary could attempt to brute-force or otherwise guess the lockscreen passcode (typically a PIN or password), including physically observing (“shoulder surfing”) the device owner’s use of the lockscreen passcode.
Exploit Other Device Lockscreen Vulnerabilities
Techniques have periodically been demonstrated that exploit vulnerabilities on Android 5, iOS 6, or other mobile devices to bypass the device lockscreen. The vulnerabilities are generally patched by the device/operating system vendor once they become aware of their existence.
| Item | Value |
|---|---|
| ID | T1461 |
| Sub-techniques | |
| Tactics | TA0027 |
| Platforms | Android, iOS |
| Version | 1.1 |
| Created | 25 October 2017 |
| Last Modified | 03 February 2019 |
Mitigations
| ID | Mitigation | Description |
|---|---|---|
| M1012 | Enterprise Policy | Enterprises can provision policies to mobile devices to require a minimum complexity (length, etc.) for the device passcode. Enterprises can provision policies to mobile devices to cause the device to wipe all data if an incorrect passcode is entered too many times. Both policies would mitigate brute-force, guessing, or shoulder surfing of the device passcode. If desired, enterprises can provision policies to mobile devices to disallow biometric authentication. However, biometric authentication can help make “using a longer, more complex passcode far more practical because you don’t need to enter it as frequently.”7 |
| M1001 | Security Updates | - |
| M1006 | Use Recent OS Version | - |
References
-
SRLabs. (n.d.). Fingerprints are not fit for secure device unlocking. Retrieved December 23, 2016. ↩
-
Zack Martin. (2016, March 11). Another spoof of mobile biometrics. Retrieved September 18, 2018. ↩
-
Sean Keach. (2018, February 15). Brit mates BREAK Apple’s face unlock and vow to never buy iPhone again. Retrieved September 18, 2018. ↩
-
Apple. (2015, November 3). About Touch ID security on iPhone and iPad. Retrieved December 23, 2016. ↩
-
Andy Greenberg. (2015, September 15). Hack Brief: Emergency Number Hack Bypasses Android Lock Screens. Retrieved December 23, 2016. ↩
-
Chris Brook. (2016, November 17). iOS 10 Passcode Bypass Can Access Photos, Contacts. Retrieved December 23, 2016. ↩
-
Apple. (2016, May). iOS Security. Retrieved December 21, 2016. ↩