💵
ITU DFS Security Assurance Framework
  • Acronyms
  • Executive Summary
  • Introduction
  • ITU-T Recommendation X.805 Overview
  • DFS Provider Business Models
  • Elements of DFS ecosystem
  • Security threats
  • DFS Security Assurance Framework
    • Risk assessment methodology
      • Assessment of DFS security vulnerabilities, threats and mitigation Measures
  • DFS security vulnerabilities, threats and mitigation Measures In order to systematical
    • Account and Session Hijacking
    • Attacks against systems and platforms
    • Code Exploitation Attacks
    • Data Misuse
    • Denial of Service Attacks
    • Insider Attacks
    • Man-in-the-middle and social engineering attacks
    • Compromise of DFS Infrastructure
    • Compromise of DFS Services
    • SIM attacks
    • Unauthorized access to DFS data
    • Malware
    • Rogue Devices
    • Unauthorised Access to Mobile Devices
    • Unintended Disclosure of Personal Information
    • Zero-Day Attacks
    • Attacks against credentials
Powered by GitBook
On this page
  • Affected entity: Mobile user
  • Affected entity: DFS Provider
  1. DFS security vulnerabilities, threats and mitigation Measures In order to systematical

Attacks against systems and platforms

We characterize these attacks as those that a remote adversary can carry out to spy on or modify information without insider credentials or other privileged access.

Affected entity: Mobile user

Risk: Spying and credentials stealing from user devices

  • Vulnerability: Unverified malicious binary SMS SIM updates (SD: authentication)

  • Vulnerability: Insecure transfer of customer credentials (SD: access control)

Risk: Account access, compromise and denial of service

  • Vulnerability: Exposure of internal network to external adversaries (SD: access control)

Affected entity: DFS Provider

Risk: Account access, compromise, and denial of service

  • Vulnerability: Insufficient protection of internal systems against external adversaries (SD: access control

PreviousAccount and Session HijackingNextCode Exploitation Attacks

Last updated 2 years ago