APP-26 · Mobile Threat Catalogue

Exploits OS or lower-level vulnerability to achieve privilege escalation

Threat Category: Malicious or privacy-invasive application

ID: APP-26

Threat Description: Malicious applications that achieve privilege escalation in the context of the mobile OS, a driver, peripheral firmware, or the kernel may go on to gain unauthorized access to, or modify, app, user, or system data or process memory, or execute other unauthorized actions on the device.

Threat Origin

Dissecting Android Malware: Characterization and Evolution [1]

Exploit Examples

Not Applicable

CVE Examples

Possible Countermeasures

Enterprise

Deploy MAM or MDM solutions with policies that prohibit the side-loading of apps, which may bypass security checks on the app.

Deploy MAM or MDM solutions with policies that prohibit the installation of apps from 3rd party (unofficial) app stores.

Use application threat intelligence data to identify apps that exploit the OS to achieve privilege escalation.

Use app-vetting tools or services to identify apps that exploit the OS to achieve privilege escalation.

To limit the opportunity for malicious apps to exploit known vulnerabilities, ensure timely installation of security updates.

Mobile Device User

Use the Android Verify Apps feature to identify potentially harmful apps.

To limit the opportunity for malicious apps to exploit known vulnerabilities, ensure timely installation of security updates.

References

  1. Y. Zhou and X. Jiang, “Dissecting Android Malware: Characterization and Evolution”, in Proceedings of the 2012 IEEE Symposium on Security and Privacy, 2012, pp. 95-109; http://ieeexplore.ieee.org/document/6234407/?arnumber=6234407 [accessed 8/25/2016]