Exploit TEE Vulnerability (T1405)

Technique & Subtechniques

  • Exploit TEE Vulnerability

Associated Tactics

  • Credential Access
  • Privilege Escalation

Credential Access (TA0031)

The adversary is trying to steal account names, passwords, or other secrets that enable access to resources. Credential access represents techniques that can be used by adversaries to obtain access to or control over passwords, tokens, cryptographic keys, or other values that could be used by an adversary to gain unauthorized access to resources. Credential access allows the adversary to assume the identity of an account, with all of that account's permissions on the system and network, and makes it harder for defenders to detect the adversary. With sufficient access within a network, an adversary can create accounts for later use within the environment.

Procedure Examples

Description | Source(s)
Jan-Erik Ekberg. (2015, September 10). Android and trusted execution environments. Retrieved December 9, 2016. | EkbergTEE
Josh Thomas and Charles Holmes. (2015, September). An infestation of dragons: Exploring vulnerabilities in the ARM TrustZone architecture. Retrieved December 9, 2016. | Thomas-TrustZone
laginimaineb. (2016, June). Extracting Qualcomm's KeyMaster Keys - Breaking Android Full Disk Encryption. Retrieved December 9, 2016. | QualcommKeyMaster
laginimaineb. (2016, May). War of the Worlds - Hijacking the Linux Kernel from QSEE. Retrieved December 21, 2016. | laginimaineb-TEE
NIST Mobile Threat Catalogue