T1642: Endpoint Denial of Service
Essential information
- MITRE technique ID
T1642- Confidence
- 100/100
- Revoked
- No
- Published
- 06/04/2022 15:52
- Modified
- 27/03/2026 01:41
- Author / Source
- The MITRE Corporation
Platforms
android iOS
Description
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
On Android versions prior to 7, apps can abuse Device Administrator access to reset the device lock passcode, preventing the user from unlocking the device. After Android 7, only device or profile owners (e.g. MDMs) can reset the device’s passcode.(Citation: Android resetPassword)
On iOS devices, this technique does not work because mobile device management servers can only remove the screen lock passcode; they cannot set a new passcode. However, on jailbroken devices, malware has been discovered that can lock the user out of the device.(Citation: Xiao-KeyRaider)
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-mobile-attack | impact |
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.