Skip to content

Hide Navigation Hide TOC

Install Insecure or Malicious Configuration - T1478 (cde2cb84-455e-410c-8aa9-086f2788bcd2)

An adversary could attempt to install insecure or malicious configuration settings on the mobile device, through means such as phishing emails or text messages either directly containing the configuration settings as an attachment, or containing a web link to the configuration settings. The device user may be tricked into installing the configuration settings through social engineering techniques (Citation: Symantec-iOSProfile).

For example, an unwanted Certification Authority (CA) certificate could be placed in the device's trusted certificate store, increasing the device's susceptibility to adversary-in-the-middle network attacks seeking to eavesdrop on or manipulate the device's network communication (Eavesdrop on Insecure Network Communication and Manipulate Device Communication).

On iOS, malicious Configuration Profiles could contain unwanted Certification Authority (CA) certificates or other insecure settings such as unwanted proxy server or VPN settings to route the device's network traffic through an adversary's system. The device could also potentially be enrolled into a malicious Mobile Device Management (MDM) system (Citation: Talos-MDM).

Cluster A Galaxy A Cluster B Galaxy B Level
Install Insecure or Malicious Configuration - T1478 (cde2cb84-455e-410c-8aa9-086f2788bcd2) Attack Pattern Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) Attack Pattern 1
Subvert Trust Controls - T1632 (79cb02f4-ac4e-4335-8b51-425c9573cce1) Attack Pattern Code Signing Policy Modification - T1632.001 (fcb11f06-ce0e-490b-bcc1-04a1623579f0) Attack Pattern 2