Mobile Threat Catalogue

Mobile Device Technology Stack


Mobile Operating System: Operating system specifically designed for a mobile device and running mobile applications.

Device Drivers: Firmware running on a mobile device often used to interact with device hardware and other peripherals (e.g., camera)

Isolated Execution Environments: Hardware- or Firmware-based environment built into the mobile device that may provide many capabilities such as trusted key storage, code verification, code integrity, and trusted execution for security relevant processes.

Boot Firmware: The firmware necessary to boot the mobile OS (i.e., bootloader), and may verify additional device initialization code, device drivers used for peripherals, and portions of the mobile OS - all before a user can use the device.

Baseband Subsystem: The collection of hardware and firmware used to access the cellular network, and may run a real-time operating system (RTOS).

SIM Card: This removable hardware token is a System on a Chip (SoC) housing the subscriber identity (i.e., International Mobile Subscriber Identity), pre-shared cryptographic keys, and configuration information needed to obtain access to cellular networks.

Secure Digital (SD) Card: A removable peripheral supported by some models of mobile devices. SD cards come in many form factors and are most often used for data storage, and may contain app binaries, app data, or user data. SD System on a Chip (SoC) peripherals, such as a Wi-Fi adapter, also exist.

Threat List

Mobile Operating System

Device Drivers

Isolated Execution Environments

Boot Firmware

Baseband Subsystem

SIM Card

SD Card