Skip to content

T1640 Account Access Removal

Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: credentials changed) to remove access to accounts.

Item Value
ID T1640
Sub-techniques
Tactics TA0034
Platforms Android
Version 1.1
Created 06 April 2022
Last Modified 15 March 2023

Procedure Examples

ID Name Description
S0407 Monokle Monokle can reset the user’s password/PIN.1

Mitigations

ID Mitigation Description
M1011 User Guidance Users should be taught that Device Administrator permissions are very dangerous, and very few applications need it.

Detection

ID Data Source Data Component
DS0041 Application Vetting Permissions Requests

References

  1. Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.