ITU DFS Security Assurance Framework

Attacks against credentials

We broadly characterize these threats as those designed to steal or tamper with the credentials of users of DFS systems and mobile devices.

Affected entities: Mobile User

Risk: Unauthorized access and takeover

  • Vulnerability: Use of weak passwords/PINs at the application level, making these credentials susceptible to brute-force attacks (SD: authentication)

  • Vulnerability: Use of simple PINs for accessing the mobile device (SD: authentication)

Risk: Credential stealing through man-in-the-middle attacks

  • Vulnerability: Server misconfiguration (SD: authentication)

Risk: DFS system compromise

  • Vulnerability: Failure to perform login monitoring, leaving systems susceptible to brute-force attacks (SD: access control)
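
One way to implement the login monitoring whose absence is listed above, as an added example that is not part of the framework text: a sliding-window check over authentication events that flags repeated failures against one account, one source failing against many accounts, and a success that directly follows a failure burst. The log format, rule names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed look-back window
ACCOUNT_FAIL_LIMIT = 5          # assumed: failures against one account
SOURCE_ACCOUNT_LIMIT = 3        # assumed: distinct accounts failed from one source

# Constructed sample events: timestamp, account, source address, result.
SAMPLE_LOG = """\
2024-05-01T09:00:00 acct-1001 198.51.100.7 FAIL
2024-05-01T09:00:20 acct-1001 198.51.100.7 FAIL
2024-05-01T09:00:40 acct-1001 198.51.100.7 FAIL
2024-05-01T09:01:00 acct-1001 198.51.100.7 FAIL
2024-05-01T09:01:20 acct-1001 198.51.100.7 FAIL
2024-05-01T09:01:40 acct-1001 198.51.100.7 OK
2024-05-01T09:10:00 acct-2001 203.0.113.9 FAIL
2024-05-01T09:10:05 acct-2002 203.0.113.9 FAIL
2024-05-01T09:10:10 acct-2003 203.0.113.9 FAIL
2024-05-01T09:30:00 acct-3001 192.0.2.44 FAIL
2024-05-01T09:30:30 acct-3001 192.0.2.44 OK
"""

def monitor(log_text):
    """Return (rule, subject, timestamp) alerts for a time-ordered auth log."""
    by_account = defaultdict(deque)  # account -> (time, source) of failures
    by_source = defaultdict(deque)   # source -> (time, account) of failures
    alerts, seen = [], set()

    def alert(rule, subject, stamp):
        if (rule, subject) not in seen:  # one alert per rule and subject
            seen.add((rule, subject))
            alerts.append((rule, subject, stamp))

    for line in filter(str.strip, log_text.splitlines()):
        stamp, account, source, result = line.split()
        now = datetime.fromisoformat(stamp)
        for q in (by_account[account], by_source[source]):
            while q and now - q[0][0] > WINDOW:  # drop failures outside window
                q.popleft()
        if result == "FAIL":
            by_account[account].append((now, source))
            by_source[source].append((now, account))
            if len(by_account[account]) >= ACCOUNT_FAIL_LIMIT:
                alert("account-bruteforce", account, stamp)
            if len({a for _, a in by_source[source]}) >= SOURCE_ACCOUNT_LIMIT:
                alert("source-many-accounts", source, stamp)
        elif len(by_account[account]) >= ACCOUNT_FAIL_LIMIT:
            alert("success-after-burst", account, stamp)  # possible guessed PIN
    return alerts
```

A single mistyped PIN followed by a success (acct-3001 in the sample) raises nothing, and failures spaced wider than the window never accumulate to the limit.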


Last updated 2 years ago