User Guidance, Mitigation M1011 - Mobile

<!DOCTYPE html> <html lang='en'> <head> <script async src="https://www.googletagmanager.com/gtag/js?id=UA-62667723-1"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-62667723-1'); </script> <meta name="google-site-verification" content="2oJKLqNN62z6AOCb0A0IXGtbQuj-lev5YPAHFF_cbHQ"/> <meta charset='utf-8'> <meta name='viewport' content='width=device-width, initial-scale=1, shrink-to-fit=no'> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <link rel='shortcut icon' href="/versions/v9/theme/favicon.ico" type='image/x-icon'> <title>User Guidance, Mitigation M1011 - Mobile | MITRE ATT&CK®</title>  <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap.min.css" /> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap-glyphicon.min.css" /> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap-tourist.css" /> <link rel="stylesheet" type="text/css" href="/versions/v9/theme/style.min.css?426cc53a"> </head> <body>  <header> <nav class='navbar navbar-expand-lg navbar-dark fixed-top'> <a class='navbar-brand' href="/versions/v9/"><img src="/versions/v9/theme/images/mitre_attack_logo.png" class="attack-logo"></a> <button class='navbar-toggler' type='button' data-toggle='collapse' data-target='#navbarCollapse' aria-controls='navbarCollapse' aria-expanded='false' aria-label='Toggle navigation'> <span class='navbar-toggler-icon'></span> </button> <div class='collapse navbar-collapse' id='navbarCollapse'> <ul class='nav nav-tabs ml-auto'> <li class="nav-item"> <a href="/versions/v9/matrices/" class="nav-link" ><b>Matrices</b></a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/tactics/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Tactics</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/tactics/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v9/tactics/mobile/">Mobile</a> </div> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/techniques/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Techniques</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/techniques/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v9/techniques/mobile/">Mobile</a> </div> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/mitigations/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Mitigations</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/mitigations/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v9/mitigations/mobile/">Mobile</a> </div> </li> <li class="nav-item"> <a href="/versions/v9/groups" class="nav-link" ><b>Groups</b></a> </li> <li class="nav-item"> <a href="/versions/v9/software/" class="nav-link" ><b>Software</b></a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/resources/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Resources</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/resources/">General Information</a> <a class="dropdown-item" href="/versions/v9/resources/getting-started/">Getting Started</a> <a class="dropdown-item" href="/versions/v9/resources/training/">Training</a> <a class="dropdown-item" href="/versions/v9/resources/attackcon/">ATT&CKcon</a> <a class="dropdown-item" href="/versions/v9/resources/working-with-attack/">Working with ATT&CK</a> <a class="dropdown-item" href="/versions/v9/resources/faq/">FAQ</a> <a class="dropdown-item" href="/resources/updates/">Updates</a> <a class="dropdown-item" href="/resources/versions/">Versions of ATT&CK</a> <a class="dropdown-item" href="/versions/v9/resources/related-projects/">Related Projects</a> </div> </li> <li class="nav-item"> <a href="https://medium.com/mitre-attack/" target="_blank" class="nav-link"> <b>Blog</b>  <img src="/versions/v9/theme/images/external-site.svg" alt="External site" class="external-icon" /> </a> </li> <li class="nav-item"> <a href="/versions/v9/resources/contribute/" class="nav-link" ><b>Contribute</b></a> </li> <li class="nav-item"> <button id="search-button" class="btn search-button">Search <div class="search-icon"></div></button> </li> </ul> </div> </nav> </header>  <div class="container-fluid version-banner"><div class="icon-inline baseline mr-1"><img src="/versions/v9/theme/images/icon-warning-24px.svg"></div>Currently viewing <a href="https://github.com/mitre/cti/releases/tag/ATT%26CK-v9.0" target="_blank">ATT&CK v9.0</a> which was live between April 29, 2021 and October 20, 2021. <a href="/resources/versions/">Learn more about the versioning system</a> or <a href="/">see the live site</a>.</div> <div id='content' class="maincontent">  <div class='container-fluid h-100'> <div class='row h-100'> <div class="nav flex-column col-xl-2 col-lg-3 col-md-3 sidebar nav pt-5 pb-3 pl-3 border-right" id="v-tab" role="tablist" aria-orientation="vertical">  <div class="group-nav-desktop-view"> <span class="heading" id="v-home-tab" aria-selected="false">MITIGATIONS</span> <div class="sidenav"> <div class="sidenav-head " id="enterprise"> <a href="/versions/v9/mitigations/enterprise/"> Enterprise </a> <div class="expand-button collapsed" id="enterprise-header" data-toggle="collapse" data-target="#enterprise-body" aria-expanded="false" aria-controls="#enterprise-body"></div> </div> <div class="sidenav-body collapse" id="enterprise-body" aria-labelledby="enterprise-header"> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Account Use Policies"> <a href="/versions/v9/mitigations/M1036/"> Account Use Policies </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Active Directory Configuration"> <a href="/versions/v9/mitigations/M1015/"> Active Directory Configuration </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Antivirus/Antimalware"> <a href="/versions/v9/mitigations/M1049/"> Antivirus/Antimalware </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Application Developer Guidance"> <a href="/versions/v9/mitigations/M1013/"> Application Developer Guidance </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Application Isolation and Sandboxing"> <a href="/versions/v9/mitigations/M1048/"> Application Isolation and Sandboxing </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Audit"> <a href="/versions/v9/mitigations/M1047/"> Audit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Behavior Prevention on Endpoint"> <a href="/versions/v9/mitigations/M1040/"> Behavior Prevention on Endpoint </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Boot Integrity"> <a href="/versions/v9/mitigations/M1046/"> Boot Integrity </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Code Signing"> <a href="/versions/v9/mitigations/M1045/"> Code Signing </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Credential Access Protection"> <a href="/versions/v9/mitigations/M1043/"> Credential Access Protection </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Data Backup"> <a href="/versions/v9/mitigations/M1053/"> Data Backup </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Disable or Remove Feature or Program"> <a href="/versions/v9/mitigations/M1042/"> Disable or Remove Feature or Program </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Do Not Mitigate"> <a href="/versions/v9/mitigations/M1055/"> Do Not Mitigate </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Encrypt Sensitive Information"> <a href="/versions/v9/mitigations/M1041/"> Encrypt Sensitive Information </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Environment Variable Permissions"> <a href="/versions/v9/mitigations/M1039/"> Environment Variable Permissions </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Execution Prevention"> <a href="/versions/v9/mitigations/M1038/"> Execution Prevention </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Exploit Protection"> <a href="/versions/v9/mitigations/M1050/"> Exploit Protection </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Filter Network Traffic"> <a href="/versions/v9/mitigations/M1037/"> Filter Network Traffic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Limit Access to Resource Over Network"> <a href="/versions/v9/mitigations/M1035/"> Limit Access to Resource Over Network </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Limit Hardware Installation"> <a href="/versions/v9/mitigations/M1034/"> Limit Hardware Installation </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Limit Software Installation"> <a href="/versions/v9/mitigations/M1033/"> Limit Software Installation </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Multi-factor Authentication"> <a href="/versions/v9/mitigations/M1032/"> Multi-factor Authentication </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Network Intrusion Prevention"> <a href="/versions/v9/mitigations/M1031/"> Network Intrusion Prevention </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Network Segmentation"> <a href="/versions/v9/mitigations/M1030/"> Network Segmentation </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Operating System Configuration"> <a href="/versions/v9/mitigations/M1028/"> Operating System Configuration </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Password Policies"> <a href="/versions/v9/mitigations/M1027/"> Password Policies </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Pre-compromise"> <a href="/versions/v9/mitigations/M1056/"> Pre-compromise </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Privileged Account Management"> <a href="/versions/v9/mitigations/M1026/"> Privileged Account Management </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Privileged Process Integrity"> <a href="/versions/v9/mitigations/M1025/"> Privileged Process Integrity </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Remote Data Storage"> <a href="/versions/v9/mitigations/M1029/"> Remote Data Storage </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Restrict File and Directory Permissions"> <a href="/versions/v9/mitigations/M1022/"> Restrict File and Directory Permissions </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Restrict Library Loading"> <a href="/versions/v9/mitigations/M1044/"> Restrict Library Loading </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Restrict Registry Permissions"> <a href="/versions/v9/mitigations/M1024/"> Restrict Registry Permissions </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Restrict Web-Based Content"> <a href="/versions/v9/mitigations/M1021/"> Restrict Web-Based Content </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Software Configuration"> <a href="/versions/v9/mitigations/M1054/"> Software Configuration </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-SSL/TLS Inspection"> <a href="/versions/v9/mitigations/M1020/"> SSL/TLS Inspection </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Threat Intelligence Program"> <a href="/versions/v9/mitigations/M1019/"> Threat Intelligence Program </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Update Software"> <a href="/versions/v9/mitigations/M1051/"> Update Software </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-User Account Control"> <a href="/versions/v9/mitigations/M1052/"> User Account Control </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-User Account Management"> <a href="/versions/v9/mitigations/M1018/"> User Account Management </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-User Training"> <a href="/versions/v9/mitigations/M1017/"> User Training </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="enterprise-Vulnerability Scanning"> <a href="/versions/v9/mitigations/M1016/"> Vulnerability Scanning </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="mobile"> <a href="/versions/v9/mitigations/mobile/"> Mobile </a> <div class="expand-button collapsed" id="mobile-header" data-toggle="collapse" data-target="#mobile-body" aria-expanded="false" aria-controls="#mobile-body"></div> </div> <div class="sidenav-body collapse" id="mobile-body" aria-labelledby="mobile-header"> <div class="sidenav"> <div class="sidenav-head" id="mobile-Application Developer Guidance"> <a href="/versions/v9/mitigations/M1013/"> Application Developer Guidance </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Application Vetting"> <a href="/versions/v9/mitigations/M1005/"> Application Vetting </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Attestation"> <a href="/versions/v9/mitigations/M1002/"> Attestation </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Caution with Device Administrator Access"> <a href="/versions/v9/mitigations/M1007/"> Caution with Device Administrator Access </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Deploy Compromised Device Detection Method"> <a href="/versions/v9/mitigations/M1010/"> Deploy Compromised Device Detection Method </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Encrypt Network Traffic"> <a href="/versions/v9/mitigations/M1009/"> Encrypt Network Traffic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Enterprise Policy"> <a href="/versions/v9/mitigations/M1012/"> Enterprise Policy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Interconnection Filtering"> <a href="/versions/v9/mitigations/M1014/"> Interconnection Filtering </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Lock Bootloader"> <a href="/versions/v9/mitigations/M1003/"> Lock Bootloader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Security Updates"> <a href="/versions/v9/mitigations/M1001/"> Security Updates </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-System Partition Integrity"> <a href="/versions/v9/mitigations/M1004/"> System Partition Integrity </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="mobile-Use Recent OS Version"> <a href="/versions/v9/mitigations/M1006/"> Use Recent OS Version </a> </div> </div> <div class="sidenav"> <div class="sidenav-head active" id="mobile-User Guidance"> <a href="/versions/v9/mitigations/M1011/"> User Guidance </a> </div> </div> </div> </div> </div> <div class="group-nav-mobile-view"> <span class="heading" id="v-home-tab" aria-selected="false">MITIGATIONS</span> <div class="sidenav"> <div class="sidenav-head " id="Enterprise"> <a href="/versions/v9/mitigations/enterprise/"> Enterprise </a> <div class="expand-button collapsed" id="Enterprise-header" data-toggle="collapse" data-target="#Enterprise-body" aria-expanded="false" aria-controls="#Enterprise-body"></div> </div> <div class="sidenav-body collapse" id="Enterprise-body" aria-labelledby="Enterprise-header"> <div class="sidenav"> <div class="sidenav-head " id="Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4"> <span>A-C</span> <div class="expand-button collapsed" id="Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4-header" data-toggle="collapse" data-target="#Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4-body" aria-expanded="false" aria-controls="#Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4-body"></div> </div> <div class="sidenav-body collapse" id="Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4-body" aria-labelledby="Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4-header"> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4-b26518ef7e3e4a4f9b20008ff4552b4f"> <a href="/versions/v9/mitigations/M1036/"> Account Use Policies </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4-a6c6636f696a44f9aae5832a7fbe3561"> <a href="/versions/v9/mitigations/M1015/"> Active Directory Configuration </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4-37df1053fe4249da8e26fda6d3af360a"> <a href="/versions/v9/mitigations/M1049/"> Antivirus/Antimalware </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4-4e1d87f8cc704be9aeccda5a2f410f7d"> <a href="/versions/v9/mitigations/M1013/"> Application Developer Guidance </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4-8796437fde6c45ac974cfadd24dfdb9f"> <a href="/versions/v9/mitigations/M1048/"> Application Isolation and Sandboxing </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4-89f7ccb4a1b74278ba05f5f593362a29"> <a href="/versions/v9/mitigations/M1047/"> Audit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4-365044f73a824ba09883a5a45a63e2b3"> <a href="/versions/v9/mitigations/M1040/"> Behavior Prevention on Endpoint </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4-ebb4492d17604eaaa9add543e60731cc"> <a href="/versions/v9/mitigations/M1046/"> Boot Integrity </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4-9bd049c3724c47a9be5fdf660067e611"> <a href="/versions/v9/mitigations/M1045/"> Code Signing </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-cb3a2d149de84665b6c40f9e1f2c28b4-3be96c06f27048468fcfbc4fb5564ba6"> <a href="/versions/v9/mitigations/M1043/"> Credential Access Protection </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Enterprise-13809a781f2244fdb72f26b0759b6e9b"> <span>D-F</span> <div class="expand-button collapsed" id="Enterprise-13809a781f2244fdb72f26b0759b6e9b-header" data-toggle="collapse" data-target="#Enterprise-13809a781f2244fdb72f26b0759b6e9b-body" aria-expanded="false" aria-controls="#Enterprise-13809a781f2244fdb72f26b0759b6e9b-body"></div> </div> <div class="sidenav-body collapse" id="Enterprise-13809a781f2244fdb72f26b0759b6e9b-body" aria-labelledby="Enterprise-13809a781f2244fdb72f26b0759b6e9b-header"> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-13809a781f2244fdb72f26b0759b6e9b-6748c5d27b3f40fcbb68dfe2a35956b0"> <a href="/versions/v9/mitigations/M1053/"> Data Backup </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-13809a781f2244fdb72f26b0759b6e9b-522db8f7d58643028c598b768f0045c9"> <a href="/versions/v9/mitigations/M1042/"> Disable or Remove Feature or Program </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-13809a781f2244fdb72f26b0759b6e9b-842722f6ecdf43c9b549bf7008fec5a7"> <a href="/versions/v9/mitigations/M1055/"> Do Not Mitigate </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-13809a781f2244fdb72f26b0759b6e9b-97750d5dd29045bfb1c73540916440d7"> <a href="/versions/v9/mitigations/M1041/"> Encrypt Sensitive Information </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-13809a781f2244fdb72f26b0759b6e9b-b9ade68745914394be98ee1ff35fe33a"> <a href="/versions/v9/mitigations/M1039/"> Environment Variable Permissions </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-13809a781f2244fdb72f26b0759b6e9b-b5925658ce4047448ddb2b647a76b94a"> <a href="/versions/v9/mitigations/M1038/"> Execution Prevention </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-13809a781f2244fdb72f26b0759b6e9b-73a9ee406d59460f922f2b02ccf042e8"> <a href="/versions/v9/mitigations/M1050/"> Exploit Protection </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-13809a781f2244fdb72f26b0759b6e9b-84971b1e0bdb427a82b1c51cd996cc93"> <a href="/versions/v9/mitigations/M1037/"> Filter Network Traffic </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Enterprise-fe29ba6e13b846c1a0d811eab685bab0"> <span>G-I</span> <div class="expand-button collapsed" id="Enterprise-fe29ba6e13b846c1a0d811eab685bab0-header" data-toggle="collapse" data-target="#Enterprise-fe29ba6e13b846c1a0d811eab685bab0-body" aria-expanded="false" aria-controls="#Enterprise-fe29ba6e13b846c1a0d811eab685bab0-body"></div> </div> <div class="sidenav-body collapse" id="Enterprise-fe29ba6e13b846c1a0d811eab685bab0-body" aria-labelledby="Enterprise-fe29ba6e13b846c1a0d811eab685bab0-header"> <div class="sidenav"> <span>No mitigations</span> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Enterprise-3ca1ed2178404000a56c368cceb4cd3f"> <span>J-L</span> <div class="expand-button collapsed" id="Enterprise-3ca1ed2178404000a56c368cceb4cd3f-header" data-toggle="collapse" data-target="#Enterprise-3ca1ed2178404000a56c368cceb4cd3f-body" aria-expanded="false" aria-controls="#Enterprise-3ca1ed2178404000a56c368cceb4cd3f-body"></div> </div> <div class="sidenav-body collapse" id="Enterprise-3ca1ed2178404000a56c368cceb4cd3f-body" aria-labelledby="Enterprise-3ca1ed2178404000a56c368cceb4cd3f-header"> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-3ca1ed2178404000a56c368cceb4cd3f-3c3cb0b0e2e94c8d9e62ff223695bb48"> <a href="/versions/v9/mitigations/M1035/"> Limit Access to Resource Over Network </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-3ca1ed2178404000a56c368cceb4cd3f-4827eac17f2448c2848b95ca6f6d942e"> <a href="/versions/v9/mitigations/M1034/"> Limit Hardware Installation </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-3ca1ed2178404000a56c368cceb4cd3f-1956f373b40344f3802c2dbccd4ee1f4"> <a href="/versions/v9/mitigations/M1033/"> Limit Software Installation </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Enterprise-ec73c64f1b7e4c70b469615970d4a045"> <span>M-O</span> <div class="expand-button collapsed" id="Enterprise-ec73c64f1b7e4c70b469615970d4a045-header" data-toggle="collapse" data-target="#Enterprise-ec73c64f1b7e4c70b469615970d4a045-body" aria-expanded="false" aria-controls="#Enterprise-ec73c64f1b7e4c70b469615970d4a045-body"></div> </div> <div class="sidenav-body collapse" id="Enterprise-ec73c64f1b7e4c70b469615970d4a045-body" aria-labelledby="Enterprise-ec73c64f1b7e4c70b469615970d4a045-header"> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-ec73c64f1b7e4c70b469615970d4a045-fcf338ca00264971bde3a73571e6e956"> <a href="/versions/v9/mitigations/M1032/"> Multi-factor Authentication </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-ec73c64f1b7e4c70b469615970d4a045-2965ef908b02496b92af99dcb1f61ac3"> <a href="/versions/v9/mitigations/M1031/"> Network Intrusion Prevention </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-ec73c64f1b7e4c70b469615970d4a045-f21a43b85e644ae4b0bd01352b14edb9"> <a href="/versions/v9/mitigations/M1030/"> Network Segmentation </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-ec73c64f1b7e4c70b469615970d4a045-9f0b4d356a0b42f3a8387c293481dff7"> <a href="/versions/v9/mitigations/M1028/"> Operating System Configuration </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Enterprise-e848f5054baf4d6e9e5134b879536c3e"> <span>P-R</span> <div class="expand-button collapsed" id="Enterprise-e848f5054baf4d6e9e5134b879536c3e-header" data-toggle="collapse" data-target="#Enterprise-e848f5054baf4d6e9e5134b879536c3e-body" aria-expanded="false" aria-controls="#Enterprise-e848f5054baf4d6e9e5134b879536c3e-body"></div> </div> <div class="sidenav-body collapse" id="Enterprise-e848f5054baf4d6e9e5134b879536c3e-body" aria-labelledby="Enterprise-e848f5054baf4d6e9e5134b879536c3e-header"> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-e848f5054baf4d6e9e5134b879536c3e-a093bbda18e14d76ae0d7a722e1aa49c"> <a href="/versions/v9/mitigations/M1027/"> Password Policies </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-e848f5054baf4d6e9e5134b879536c3e-c0591b37c51e4e74935af30ba017b0a4"> <a href="/versions/v9/mitigations/M1056/"> Pre-compromise </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-e848f5054baf4d6e9e5134b879536c3e-21bda95641f041c0a603eb81526f944e"> <a href="/versions/v9/mitigations/M1026/"> Privileged Account Management </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-e848f5054baf4d6e9e5134b879536c3e-a70b7eae4b5f4a808fa657022cf89c5c"> <a href="/versions/v9/mitigations/M1025/"> Privileged Process Integrity </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-e848f5054baf4d6e9e5134b879536c3e-5aec17da01c945cebda1616cc777d435"> <a href="/versions/v9/mitigations/M1029/"> Remote Data Storage </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-e848f5054baf4d6e9e5134b879536c3e-1c832cabff694d17b2044658ba6d1fb4"> <a href="/versions/v9/mitigations/M1022/"> Restrict File and Directory Permissions </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-e848f5054baf4d6e9e5134b879536c3e-48dc881e58b44cd3af337ff140242d50"> <a href="/versions/v9/mitigations/M1044/"> Restrict Library Loading </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-e848f5054baf4d6e9e5134b879536c3e-e8f57982a56f4c5193ab543d4b37f7f6"> <a href="/versions/v9/mitigations/M1024/"> Restrict Registry Permissions </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-e848f5054baf4d6e9e5134b879536c3e-cbf376d65b604634bc1e21efbff80910"> <a href="/versions/v9/mitigations/M1021/"> Restrict Web-Based Content </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Enterprise-17d3e8f462f84419b88db26ec4991e4e"> <span>S-U</span> <div class="expand-button collapsed" id="Enterprise-17d3e8f462f84419b88db26ec4991e4e-header" data-toggle="collapse" data-target="#Enterprise-17d3e8f462f84419b88db26ec4991e4e-body" aria-expanded="false" aria-controls="#Enterprise-17d3e8f462f84419b88db26ec4991e4e-body"></div> </div> <div class="sidenav-body collapse" id="Enterprise-17d3e8f462f84419b88db26ec4991e4e-body" aria-labelledby="Enterprise-17d3e8f462f84419b88db26ec4991e4e-header"> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-17d3e8f462f84419b88db26ec4991e4e-49b9c49c65e04687bf4cbc442218cb8c"> <a href="/versions/v9/mitigations/M1054/"> Software Configuration </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-17d3e8f462f84419b88db26ec4991e4e-b6497cb5fcf649c7b844a0aff1d57d36"> <a href="/versions/v9/mitigations/M1020/"> SSL/TLS Inspection </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-17d3e8f462f84419b88db26ec4991e4e-b99e55cc47ae477abbc13165c911bac6"> <a href="/versions/v9/mitigations/M1019/"> Threat Intelligence Program </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-17d3e8f462f84419b88db26ec4991e4e-c8e7863ca22d42a5bea3629e9ba52966"> <a href="/versions/v9/mitigations/M1051/"> Update Software </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-17d3e8f462f84419b88db26ec4991e4e-df2acab411ec44f9be382802b027bccb"> <a href="/versions/v9/mitigations/M1052/"> User Account Control </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-17d3e8f462f84419b88db26ec4991e4e-f33c4d4d715b4e9fa4d8022cabdaaca4"> <a href="/versions/v9/mitigations/M1018/"> User Account Management </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-17d3e8f462f84419b88db26ec4991e4e-4f145dcaa08b4ddeab3a42a423a863ca"> <a href="/versions/v9/mitigations/M1017/"> User Training </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Enterprise-b03d09f5250a4307b0976fdcfab12f70"> <span>V-X</span> <div class="expand-button collapsed" id="Enterprise-b03d09f5250a4307b0976fdcfab12f70-header" data-toggle="collapse" data-target="#Enterprise-b03d09f5250a4307b0976fdcfab12f70-body" aria-expanded="false" aria-controls="#Enterprise-b03d09f5250a4307b0976fdcfab12f70-body"></div> </div> <div class="sidenav-body collapse" id="Enterprise-b03d09f5250a4307b0976fdcfab12f70-body" aria-labelledby="Enterprise-b03d09f5250a4307b0976fdcfab12f70-header"> <div class="sidenav"> <div class="sidenav-head" id="Enterprise-b03d09f5250a4307b0976fdcfab12f70-16754c6fa0b4455c9c1bf2f1b2938e42"> <a href="/versions/v9/mitigations/M1016/"> Vulnerability Scanning </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Enterprise-3aedccf4b4014865899b01c6b7d95d81"> <span>Y-Z</span> <div class="expand-button collapsed" id="Enterprise-3aedccf4b4014865899b01c6b7d95d81-header" data-toggle="collapse" data-target="#Enterprise-3aedccf4b4014865899b01c6b7d95d81-body" aria-expanded="false" aria-controls="#Enterprise-3aedccf4b4014865899b01c6b7d95d81-body"></div> </div> <div class="sidenav-body collapse" id="Enterprise-3aedccf4b4014865899b01c6b7d95d81-body" aria-labelledby="Enterprise-3aedccf4b4014865899b01c6b7d95d81-header"> <div class="sidenav"> <span>No mitigations</span> </div> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Mobile"> <a href="/versions/v9/mitigations/mobile/"> Mobile </a> <div class="expand-button collapsed" id="Mobile-header" data-toggle="collapse" data-target="#Mobile-body" aria-expanded="false" aria-controls="#Mobile-body"></div> </div> <div class="sidenav-body collapse" id="Mobile-body" aria-labelledby="Mobile-header"> <div class="sidenav"> <div class="sidenav-head " id="Mobile-c0c2f593de8d4be5ba1c1cec5075d6a1"> <span>A-C</span> <div class="expand-button collapsed" id="Mobile-c0c2f593de8d4be5ba1c1cec5075d6a1-header" data-toggle="collapse" data-target="#Mobile-c0c2f593de8d4be5ba1c1cec5075d6a1-body" aria-expanded="false" aria-controls="#Mobile-c0c2f593de8d4be5ba1c1cec5075d6a1-body"></div> </div> <div class="sidenav-body collapse" id="Mobile-c0c2f593de8d4be5ba1c1cec5075d6a1-body" aria-labelledby="Mobile-c0c2f593de8d4be5ba1c1cec5075d6a1-header"> <div class="sidenav"> <div class="sidenav-head" id="Mobile-c0c2f593de8d4be5ba1c1cec5075d6a1-0e584d21760e46a3b2c84ceb8a8df29e"> <a href="/versions/v9/mitigations/M1013/"> Application Developer Guidance </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mobile-c0c2f593de8d4be5ba1c1cec5075d6a1-b04c6cf9b2c04ab3b2845d57ba67c9eb"> <a href="/versions/v9/mitigations/M1005/"> Application Vetting </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mobile-c0c2f593de8d4be5ba1c1cec5075d6a1-5668ab8664a749dd8dab0b64e16b4cb6"> <a href="/versions/v9/mitigations/M1002/"> Attestation </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mobile-c0c2f593de8d4be5ba1c1cec5075d6a1-ebb4f5601a864cc9a9eb45dca2c76ba2"> <a href="/versions/v9/mitigations/M1007/"> Caution with Device Administrator Access </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Mobile-974c7cdf3eac484db432f8698f365acd"> <span>D-F</span> <div class="expand-button collapsed" id="Mobile-974c7cdf3eac484db432f8698f365acd-header" data-toggle="collapse" data-target="#Mobile-974c7cdf3eac484db432f8698f365acd-body" aria-expanded="false" aria-controls="#Mobile-974c7cdf3eac484db432f8698f365acd-body"></div> </div> <div class="sidenav-body collapse" id="Mobile-974c7cdf3eac484db432f8698f365acd-body" aria-labelledby="Mobile-974c7cdf3eac484db432f8698f365acd-header"> <div class="sidenav"> <div class="sidenav-head" id="Mobile-974c7cdf3eac484db432f8698f365acd-c0a1f8c7bac1431482c6edbce4e1fb7e"> <a href="/versions/v9/mitigations/M1010/"> Deploy Compromised Device Detection Method </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mobile-974c7cdf3eac484db432f8698f365acd-8955ce326e564e24ac239cbe690037be"> <a href="/versions/v9/mitigations/M1009/"> Encrypt Network Traffic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mobile-974c7cdf3eac484db432f8698f365acd-e9b782cedc674885a328e8286164268e"> <a href="/versions/v9/mitigations/M1012/"> Enterprise Policy </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Mobile-e7e19d468f7840429d15ad34983e34d1"> <span>G-I</span> <div class="expand-button collapsed" id="Mobile-e7e19d468f7840429d15ad34983e34d1-header" data-toggle="collapse" data-target="#Mobile-e7e19d468f7840429d15ad34983e34d1-body" aria-expanded="false" aria-controls="#Mobile-e7e19d468f7840429d15ad34983e34d1-body"></div> </div> <div class="sidenav-body collapse" id="Mobile-e7e19d468f7840429d15ad34983e34d1-body" aria-labelledby="Mobile-e7e19d468f7840429d15ad34983e34d1-header"> <div class="sidenav"> <div class="sidenav-head" id="Mobile-e7e19d468f7840429d15ad34983e34d1-102cde30bc0447a1a84afef4935af8c7"> <a href="/versions/v9/mitigations/M1014/"> Interconnection Filtering </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Mobile-5345a9cc0d114728bf7ec50fd1896d43"> <span>J-L</span> <div class="expand-button collapsed" id="Mobile-5345a9cc0d114728bf7ec50fd1896d43-header" data-toggle="collapse" data-target="#Mobile-5345a9cc0d114728bf7ec50fd1896d43-body" aria-expanded="false" aria-controls="#Mobile-5345a9cc0d114728bf7ec50fd1896d43-body"></div> </div> <div class="sidenav-body collapse" id="Mobile-5345a9cc0d114728bf7ec50fd1896d43-body" aria-labelledby="Mobile-5345a9cc0d114728bf7ec50fd1896d43-header"> <div class="sidenav"> <div class="sidenav-head" id="Mobile-5345a9cc0d114728bf7ec50fd1896d43-dcc35a04a45f4d23a5f382603034b26e"> <a href="/versions/v9/mitigations/M1003/"> Lock Bootloader </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Mobile-8efc4def5f19457a9fc44ee46eb76b72"> <span>M-O</span> <div class="expand-button collapsed" id="Mobile-8efc4def5f19457a9fc44ee46eb76b72-header" data-toggle="collapse" data-target="#Mobile-8efc4def5f19457a9fc44ee46eb76b72-body" aria-expanded="false" aria-controls="#Mobile-8efc4def5f19457a9fc44ee46eb76b72-body"></div> </div> <div class="sidenav-body collapse" id="Mobile-8efc4def5f19457a9fc44ee46eb76b72-body" aria-labelledby="Mobile-8efc4def5f19457a9fc44ee46eb76b72-header"> <div class="sidenav"> <span>No mitigations</span> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Mobile-98b878fc60de4b86963babecaeb73561"> <span>P-R</span> <div class="expand-button collapsed" id="Mobile-98b878fc60de4b86963babecaeb73561-header" data-toggle="collapse" data-target="#Mobile-98b878fc60de4b86963babecaeb73561-body" aria-expanded="false" aria-controls="#Mobile-98b878fc60de4b86963babecaeb73561-body"></div> </div> <div class="sidenav-body collapse" id="Mobile-98b878fc60de4b86963babecaeb73561-body" aria-labelledby="Mobile-98b878fc60de4b86963babecaeb73561-header"> <div class="sidenav"> <span>No mitigations</span> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Mobile-bed9852c56de41ae9dd939086cf869d9"> <span>S-U</span> <div class="expand-button collapsed" id="Mobile-bed9852c56de41ae9dd939086cf869d9-header" data-toggle="collapse" data-target="#Mobile-bed9852c56de41ae9dd939086cf869d9-body" aria-expanded="false" aria-controls="#Mobile-bed9852c56de41ae9dd939086cf869d9-body"></div> </div> <div class="sidenav-body collapse" id="Mobile-bed9852c56de41ae9dd939086cf869d9-body" aria-labelledby="Mobile-bed9852c56de41ae9dd939086cf869d9-header"> <div class="sidenav"> <div class="sidenav-head" id="Mobile-bed9852c56de41ae9dd939086cf869d9-1b8512beb13c459bb735930277e2fce1"> <a href="/versions/v9/mitigations/M1001/"> Security Updates </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mobile-bed9852c56de41ae9dd939086cf869d9-91eb331fad5747b8b4aa6600862af8cb"> <a href="/versions/v9/mitigations/M1004/"> System Partition Integrity </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mobile-bed9852c56de41ae9dd939086cf869d9-22e3bfdcf1eb4efebe8afee057deba34"> <a href="/versions/v9/mitigations/M1006/"> Use Recent OS Version </a> </div> </div> <div class="sidenav"> <div class="sidenav-head active" id="Mobile-bed9852c56de41ae9dd939086cf869d9-32cfecab7d8a4067bcbc16643468aa3a"> <a href="/versions/v9/mitigations/M1011/"> User Guidance </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Mobile-0a2bc3893e1d4798a1d9db0e6180f818"> <span>V-X</span> <div class="expand-button collapsed" id="Mobile-0a2bc3893e1d4798a1d9db0e6180f818-header" data-toggle="collapse" data-target="#Mobile-0a2bc3893e1d4798a1d9db0e6180f818-body" aria-expanded="false" aria-controls="#Mobile-0a2bc3893e1d4798a1d9db0e6180f818-body"></div> </div> <div class="sidenav-body collapse" id="Mobile-0a2bc3893e1d4798a1d9db0e6180f818-body" aria-labelledby="Mobile-0a2bc3893e1d4798a1d9db0e6180f818-header"> <div class="sidenav"> <span>No mitigations</span> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="Mobile-c142adcd714545a19ac7cecfb1ab3a1e"> <span>Y-Z</span> <div class="expand-button collapsed" id="Mobile-c142adcd714545a19ac7cecfb1ab3a1e-header" data-toggle="collapse" data-target="#Mobile-c142adcd714545a19ac7cecfb1ab3a1e-body" aria-expanded="false" aria-controls="#Mobile-c142adcd714545a19ac7cecfb1ab3a1e-body"></div> </div> <div class="sidenav-body collapse" id="Mobile-c142adcd714545a19ac7cecfb1ab3a1e-body" aria-labelledby="Mobile-c142adcd714545a19ac7cecfb1ab3a1e-header"> <div class="sidenav"> <span>No mitigations</span> </div> </div> </div> </div> </div> </div>  </div> <div class="tab-content col-xl-10 col-lg-9 col-md-9 pt-4" id="v-tabContent"> <div class="tab-pane fade show active" id="v-attckmatrix" role="tabpanel" aria-labelledby="v-attckmatrix-tab"> <ol class="breadcrumb"> <li class="breadcrumb-item"><a href="/versions/v9/">Home</a></li> <li class="breadcrumb-item"><a href="/versions/v9/mitigations">Mitigations</a></li> <li class="breadcrumb-item">User Guidance</li> </ol> <div class="tab-pane fade show active" id="v-" role="tabpanel" aria-labelledby="v--tab"></div> <div class="row"> <div class="col-xl-12"> <div class="jumbotron jumbotron-fluid"> <div class="container-fluid"> <h1> User Guidance </h1> <div class="row"> <div class="col-md-8"> <div class="description-body"> <p>Describes any guidance or training given to users to set particular configuration settings or avoid specific potentially risky behaviors.</p> </div> </div> <div class="col-md-4"> <div class="card"> <div class="card-body"> <div class="card-data"><span class="h5 card-title">ID:</span> M1011</div> <div class="card-data"><span class="h5 card-title">Version:</span> 1.0</div> <div class="card-data"><span class="h5 card-title">Created: </span>18 October 2019</div> <div class="card-data"><span class="h5 card-title">Last Modified: </span>18 October 2019</div> </div> </div> <div class="text-center pt-2 version-button permalink"> <div class="live"> <a data-toggle="tooltip" data-placement="bottom" title="Permalink to this version of M1011" href="/versions/v9/mitigations/M1011/" data-test-ignore="true">Version Permalink</a> </div> <div class="permalink"> <a data-toggle="tooltip" data-placement="bottom" title="Go to the live version of M1011" href="/mitigations/M1011/" data-test-ignore="true">Live Version</a> </div> </div> </div> </div>  <div class="dropdown h3 mt-3 float-right"> <button class="btn btn-navy dropdown-toggle" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>ATT&CK<sup>®</sup> Navigator Layers</b> </button> <div class="dropdown-menu" aria-labelledby="dropdownMenuButton"> <h6 class="dropdown-header">Mobile Layer</h6> <a class="dropdown-item" href="/versions/v9/mitigations/M1011/M1011-mobile-layer.json" download target="_blank">download</a>  <a class="dropdown-item" href="#" id="view-layer-on-navigator-mobile" target="_blank">view <img width="10" src="/versions/v9/theme/images/external-site-dark.jpeg"></a> <script src="/versions/v9/theme/scripts/settings.js"></script> <script> if (window.location.protocol == "https:") { //view on navigator only works when this site is hosted on HTTPS layerURL = window.location.protocol + "//" + window.location.host + base_url + "mitigations/M1011/M1011-mobile-layer.json"; document.getElementById("view-layer-on-navigator-mobile").href = "https://mitre-attack.github.io/attack-navigator//#layerURL=" + encodeURIComponent(layerURL); } else { //hide button document.getElementById("view-layer-on-navigator-mobile").classList.add("d-none"); } </script> </div> </div>  <h2 class="pt-3" id="techniques">Techniques Addressed by Mitigation</h2> <table class="table techniques-used table-bordered mt-2"> <thead> <tr> <th class="p-2" scope="col">Domain</th> <th class="p-2" colspan="2">ID</th> <th class="p-2" scope="col">Name</th> <th class="p-2" scope="col">Use</th> </tr> </thead> <tbody> <tr class="technique" id="uses-T1427"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1427">T1427</a> </td> <td> <a href="/versions/v9/techniques/T1427">Attack PC via USB Connection</a> </td> <td> <p>Advise users to only connect mobile devices to PCs when a justified need exists (e.g., mobile app development and debugging).</p> </td> </tr> <tr class="technique" id="uses-T1447"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1447">T1447</a> </td> <td> <a href="/versions/v9/techniques/T1447">Delete Device Data</a> </td> <td> <p>Users should be trained on what device administrator permission request prompts look like, and how to avoid granting permissions on phishing popups.</p> </td> </tr> <tr class="technique" id="uses-T1475"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1475">T1475</a> </td> <td> <a href="/versions/v9/techniques/T1475">Deliver Malicious App via Authorized App Store</a> </td> <td> <p>Encourage developers to protect their account credentials and enable multi-factor authentication if available. Encourage developers to protect their signing keys.</p> </td> </tr> <tr class="technique" id="uses-T1476"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1476">T1476</a> </td> <td> <a href="/versions/v9/techniques/T1476">Deliver Malicious App via Other Means</a> </td> <td> <p>iOS 9 and above requires explicit user consent before allowing installation of applications signed with enterprise distribution keys rather than installed from Apple's App Store. Users should be encouraged to not agree to installation of applications signed with enterprise distribution keys unless absolutely certain of the source of the application. On Android, the "Unknown Sources" setting must be enabled for users to install apps from sources other than an authorized app store (such as the Google Play Store), so users should be encouraged not to enable that setting.</p> </td> </tr> <tr class="technique" id="uses-T1401"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1401">T1401</a> </td> <td> <a href="/versions/v9/techniques/T1401">Device Administrator Permissions</a> </td> <td> <p>Users should be told that it is very rare for an app to request device administrator permissions, and that any requests for the permissions should be scrutinized. </p> </td> </tr> <tr class="technique" id="uses-T1458"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1458">T1458</a> </td> <td> <a href="/versions/v9/techniques/T1458">Exploit via Charging Station or PC</a> </td> <td> <p>Users should be advised not to use public charging stations or computers to charge their devices. Instead, users should be issued a charger acquired from a trustworthy source. Users should be advised not to click on device prompts to trust attached computers unless absolutely necessary.</p> </td> </tr> <tr class="technique" id="uses-T1541"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1541">T1541</a> </td> <td> <a href="/versions/v9/techniques/T1541">Foreground Persistence</a> </td> <td> <p>If a user sees a persistent notification they do not recognize, they should uninstall the source application and look for other unwanted applications or anomalies.</p> </td> </tr> <tr class="technique" id="uses-T1581"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1581">T1581</a> </td> <td> <a href="/versions/v9/techniques/T1581">Geofencing</a> </td> <td> <p>Users should be advised to be extra scrutinous of applications that request location permissions, and to deny any permissions requests for applications they do not recognize.</p> </td> </tr> <tr class="technique" id="uses-T1417"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1417">T1417</a> </td> <td> <a href="/versions/v9/techniques/T1417">Input Capture</a> </td> <td> <p>Users should be weary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration and accessibility permissions requests.</p> </td> </tr> <tr class="technique" id="uses-T1516"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1516">T1516</a> </td> <td> <a href="/versions/v9/techniques/T1516">Input Injection</a> </td> <td> <p>Users should be warned against granting access to accessibility features, and to carefully scrutinize applications that request this dangerous permission.</p> </td> </tr> <tr class="technique" id="uses-T1478"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1478">T1478</a> </td> <td> <a href="/versions/v9/techniques/T1478">Install Insecure or Malicious Configuration</a> </td> <td> <p>Typically, insecure or malicious configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning).</p> </td> </tr> <tr class="technique" id="uses-T1444"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1444">T1444</a> </td> <td> <a href="/versions/v9/techniques/T1444">Masquerade as Legitimate Application</a> </td> <td> <p>Users should be encouraged to only install apps from authorized app stores, which are less likely to contain malicious repackaged apps.</p> </td> </tr> <tr class="technique" id="uses-T1470"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1470">T1470</a> </td> <td> <a href="/versions/v9/techniques/T1470">Obtain Device Cloud Backups</a> </td> <td> <p>Encourage users to protect their account credentials and to enable available multi-factor authentication options.</p> </td> </tr> <tr class="technique" id="uses-T1468"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1468">T1468</a> </td> <td> <a href="/versions/v9/techniques/T1468">Remotely Track Device Without Authorization</a> </td> <td> <p>Encourage users to protect their account credentials and to enable available multi-factor authentication options.</p> </td> </tr> <tr class="technique" id="uses-T1469"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1469">T1469</a> </td> <td> <a href="/versions/v9/techniques/T1469">Remotely Wipe Data Without Authorization</a> </td> <td> <p>Encourage users to protect their account credentials and to enable available multi-factor authentication options.</p> </td> </tr> <tr class="technique" id="uses-T1513"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1513">T1513</a> </td> <td> <a href="/versions/v9/techniques/T1513">Screen Capture</a> </td> <td> <p>Users should be advised not to grant consent for screen captures to occur unless expected. Users should avoid enabling USB debugging (Android Debug Bridge) unless explicitly required.</p> </td> </tr> <tr class="technique" id="uses-T1582"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1582">T1582</a> </td> <td> <a href="/versions/v9/techniques/T1582">SMS Control</a> </td> <td> <p>Users should be encouraged to be very careful with what applications they grant SMS access to. Further, users should not change their default SMS handler to applications they do not recognize.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="SMS KitKat"><sup><a href="https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1576"> <td> Mobile </td> <td colspan="2"> <a href="/versions/v9/techniques/T1576">T1576</a> </td> <td> <a href="/versions/v9/techniques/T1576">Uninstall Malicious Application</a> </td> <td> <p>Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.</p> </td> </tr> </tbody> </table> <h2 class="pt-3" id="references">References</h2> <div class="row"> <div class="col"> <ol> <li> <span id="scite-1" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-1" href="https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html" target="_blank"> S.Main, D. Braun. (2013, October 14). Getting Your SMS Apps Ready for KitKat. Retrieved September 11, 2020. </a> </span> </span> </li> </ol> </div> <div class="col"> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div>  <div class="overlay search" id="search-overlay" style="display: none;"> <div class="overlay-inner">  <div class="search-header"> <div class="search-input"> <input type="text" id="search-input" placeholder="search"> </div> <div class="search-icons"> <div class="search-parsing-icon spinner-border" style="display: none" id="search-parsing-icon"></div> <div class="close-search-icon" id="close-search-icon">×</div> </div> </div>  <div id="search-body" class="search-body"> <div class="results" id="search-results">  </div> <div id="load-more-results" class="load-more-results"> <button class="btn btn-default" id="load-more-results-button">load more results</button> </div> </div> </div> </div> </div> <footer class="footer p-3"> <div class="container-fluid"> <div class="row"> <div class="col-4 col-sm-4 col-md-3"> <div class="footer-center-responsive my-auto"> <a href="https://www.mitre.org" target="_blank" rel="noopener" aria-label="MITRE"> <img src="/versions/v9/theme/images/mitrelogowhiteontrans.gif" class="mitre-logo-wtrans"> </a> </div> </div> <div class="col-2 col-sm-2 footer-responsive-break"></div> <div class="col-6 col-sm-6 text-center"> <p> 漏 2015-2021, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. </p> <div class="row"> <div class="col text-right"> <small> <a href="/versions/v9/resources/privacy" class="footer-link">Privacy Policy</a> </small> </div> <div class="col text-center"> <small> <a href="/versions/v9/resources/terms-of-use" class="footer-link">Terms of Use</a> </small> </div> <div class="col text-left "> <small> <a href="/versions/v9/resources/changelog.html" class="footer-link" data-toggle="tooltip" data-placement="top" title="ATT&CK content version 9.0Website version 3.3.1">ATT&CK v9.0</a> </small> </div> </div> </div> <div class="w-100 p-2 footer-responsive-break"></div> <div class="col"> <div class="footer-float-right-responsive-brand"> <div class="mb-1"> <a href="https://twitter.com/MITREattack" class="btn btn-primary w-100">  <img src="/versions/v9/theme/images/twitter.png" class="mr-1 twitter-icon"> <b>@MITREattack</b> </a> </div> <div class=""> <a href="/versions/v9/contact" class="btn btn-primary w-100"> Contact </a> </div> </div> </div> </div> </div> </div> </footer> </div>  <script src="/versions/v9/theme/scripts/jquery-3.5.1.min.js"></script> <script src="/versions/v9/theme/scripts/popper.min.js"></script> <script src="/versions/v9/theme/scripts/bootstrap.bundle.min.js"></script> <script src="/versions/v9/theme/scripts/site.js"></script> <script src="/versions/v9/theme/scripts/flexsearch.es5.js"></script> <script src="/versions/v9/theme/scripts/localforage.min.js"></script> <script src="/versions/v9/theme/scripts/settings.js?633"></script> <script src="/versions/v9/theme/scripts/search_babelized.js"></script>  <script src="/versions/v9/theme/scripts/navigation.js"></script> </body> </html>

CINXE.COM

User Guidance, Mitigation M1011 - Mobile | MITRE ATT&CK®