Mobile Threat Catalogue

Operating System Downgrade

Threat Category: Boot firmware

ID: STA-17

Threat Description: Downgrading the phone’s operating system may expose the device to previously patched security vulnerabilities.

Threat Origin

Not Applicable, See Exploit or CVE Examples

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures

Enterprise

Use EMM/MDM solutions in combination with devices that can detect mobile OS versions and successfully block access to enterprise resources from devices running unapproved OS versions.

Consider the use of iOS devices; to prevent devices from being downgraded to older versions that lack the latest security updates, iOS uses a process called System Software Authorization [1].

References

  1. iOS Security: iOS 9.3 or later, white paper, Apple, 2016. www.apple.com/business/docs/iOS_Security_Guide.pdf [accessed 8/24/16].