ITU DFS Security Assurance Framework

Account and Session Hijacking

The general threat is the ability of an attacker to take control of an account or communication session. The vulnerabilities are manifested in different ways at the DFS provider and the MNO.

Affected Entity: DFS Provider

Risk: Data exposure and modification

  • Vulnerability: Inadequate controls on dormant accounts

Risk: Unauthorized account takeover

  • Vulnerability: Inadequate controls on dormant accounts

Risk: User impersonation

  • Vulnerability: Failure to perform geographical location validation (SD: communication security)

  • Vulnerability: Inadequate user verification of preferred user communication channels for DFS services (SD: communication security)

Risk: Unauthorised access to user data and credentials

  • Vulnerability: Replay session based on tokens intercepted (SD: communication security)

  • Vulnerability: Weak encryption algorithms for password storage (SD: data confidentiality)
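
The "weak encryption algorithms for password storage" vulnerability above is best understood side by side with a hardened store. The following Python is an added example written for this page; it is not code from the ITU framework or any DFS provider. The record format (`scheme$iterations$salt$digest`), the iteration count and the salt length are my own choices for the example; the 600,000-iteration figure follows OWASP's published PBKDF2-HMAC-SHA256 guidance. The legacy MD5 function is included only so that the migration check has a legacy record to recognise.

```python
import hashlib
import hmac
import os

# Parameters chosen for this example (not prescribed by the ITU framework):
# OWASP's published guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
SCHEME = "pbkdf2_sha256"


def weak_password_record(password: str) -> str:
    """Legacy, weak scheme: unsalted single-pass MD5.

    Every user with the same password gets the same record, and the hash
    is fast, so a leaked table can be attacked offline at high speed.
    Shown only so that needs_rehash() has something to recognise.
    """
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hardened scheme: per-record random salt, slow iterated KDF.

    The record is self-describing (scheme$iterations$salt$digest) so the
    parameters can be raised later without a flag day.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the KDF with the stored salt; compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        iterations = int(iterations)
    except ValueError:
        return False  # malformed or legacy record never verifies under this scheme
    if scheme != SCHEME:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str) -> bool:
    """True for legacy records or records made with fewer iterations than
    the current policy. A login flow re-stores the password after a
    successful verification, so the table migrates without user action."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return True
    try:
        return int(parts[1]) < PBKDF2_ITERATIONS
    except ValueError:
        return True
```

Two properties are worth checking when reviewing a DFS provider's credential store: two users with the same PIN must not produce the same stored record (the salt guarantees this), and the verification must be a recomputation with a constant-time comparison rather than a decryption, since a reversible "encryption" of passwords is exactly the weakness the framework flags.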

Affected Entity: MNO

Risk: Impersonation of authorised users, arising from the following vulnerability

  • Vulnerability: Session timeouts not specified for DFS services
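
The missing session timeouts listed here for the MNO and the replay of intercepted session tokens listed above for the DFS provider are two sides of the same control: a server-side session table that expires sessions and issues single-use, session-bound transaction tokens. The following Python is an added example written for this page, not code from the ITU framework or any operator. The timeout values, the `SessionStore` API and the sample user identifiers are my own constructions; the `FakeClock` exists only to make the demonstration repeatable.

```python
import secrets
import time
from dataclasses import dataclass, field

# Policy values chosen for this example, not taken from the ITU framework.
IDLE_TIMEOUT_S = 5 * 60         # no activity for 5 minutes ends the session
ABSOLUTE_LIFETIME_S = 30 * 60   # a session never outlives 30 minutes, active or not


@dataclass
class Session:
    user_id: str
    created_at: float
    last_seen: float
    pending_txn_tokens: set = field(default_factory=set)  # issued, not yet used


class SessionStore:
    """Server-side session table with both timeouts and single-use
    transaction tokens bound to the session that requested them."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so the expiry logic can be tested
        self._sessions: dict = {}

    def create(self, user_id: str) -> str:
        sid = secrets.token_urlsafe(32)   # 256-bit unguessable session id
        now = self._clock()
        self._sessions[sid] = Session(user_id, now, now)
        return sid

    def touch(self, sid: str):
        """Return the live session for sid, or None after expiring it."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s.last_seen > IDLE_TIMEOUT_S or now - s.created_at > ABSOLUTE_LIFETIME_S:
            del self._sessions[sid]
            return None
        s.last_seen = now
        return s

    def issue_txn_token(self, sid: str):
        """One-time token the client must present with a sensitive action."""
        s = self.touch(sid)
        if s is None:
            return None
        tok = secrets.token_urlsafe(16)
        s.pending_txn_tokens.add(tok)
        return tok

    def consume_txn_token(self, sid: str, tok: str) -> bool:
        """Accept a token once, and only from the session it was issued to.
        A token captured on the wire is useless after its first use and
        useless from any other session."""
        s = self.touch(sid)
        if s is None or tok not in s.pending_txn_tokens:
            return False
        s.pending_txn_tokens.remove(tok)
        return True


class FakeClock:
    """Deterministic clock so the demo below is repeatable (test aid only)."""
    def __init__(self, start: float):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo() -> dict:
    clock = FakeClock(1_000.0)
    store = SessionStore(clock=clock)
    sid = store.create("subscriber-42")          # constructed user id
    tok = store.issue_txn_token(sid)
    first = store.consume_txn_token(sid, tok)     # legitimate first use
    replay = store.consume_txn_token(sid, tok)    # same token presented again
    other = store.create("subscriber-99")
    tok2 = store.issue_txn_token(other)
    cross = store.consume_txn_token(sid, tok2)    # token issued to another session
    alive = []
    for _ in range(31):                           # steady activity, one request a minute
        clock.advance(60)
        alive.append(store.touch(sid) is not None)
    idle = store.create("subscriber-42")
    clock.advance(IDLE_TIMEOUT_S + 1)             # silence longer than the idle window
    return {
        "first_use": first, "replay": replay, "cross_session": cross,
        "alive_at_30_min": alive[29], "alive_at_31_min": alive[30],
        "idle_session_gone": store.touch(idle) is None,
    }
```

The absolute lifetime matters as much as the idle timeout: a session kept alive by periodic requests would otherwise never expire, which is what a specification that only says "time out after inactivity" allows. When auditing a DFS or USSD/SMS gateway against this section, ask for both limits and for evidence that transaction tokens are rejected on second presentation.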

Risk: Unauthorized access to user data and credentials

  • Vulnerability: User credentials for the DFS application are sent over inherently insecure channels such as SMS, or handed over through agents (SD: data confidentiality)
