Remotely Wipe Data Without Authorization

An adversary who is able to obtain unauthorized access to or misuse authorized access to cloud services (e.g. Google's Android Device Manager or Apple iCloud's Find my iPhone) or to an EMM console could use that access to wipe enrolled devices [1].

ID: T1469
Sub-techniques:  No sub-techniques
Tactic Type: Without Adversary Device Access
Platforms: Android, iOS
MTC ID: ECO-5, EMM-7
Version: 1.0
Created: 25 October 2017
Last Modified: 17 October 2018
Provided by LAYER 8

Mitigations

ID Mitigation Description
M1011 User Guidance

Encourage users to protect their account credentials and to enable available multi-factor authentication options.

Detection

Google provides the ability for users to view their general account activity. Apple iCloud also provides notifications to users of account activity.

References