ITU DFS Security Assurance Framework
Man-in-the-middle and social engineering attacks

We group these two types of attacks because both involve an adversary actively interposing itself into a communication or interaction (for example, between a user and a device or MNO, or between two communicating parties).

Affected entity: Mobile User

Risk: Data exposure and modification

  • Vulnerability: Use of unverified and unsigned applications (SD: privacy, data integrity)

  • Vulnerability: Spamming such as unsolicited SMS messages, in-app advertisements, or e-mails (SD: data integrity)

  • Vulnerability: Insufficiently protected credentials (SD: access control)

Affected entity: MNO

Risk: Unauthorized access to user data

  • Vulnerability: Weak over-the-air encryption (SD: communication security)

Risk: User impersonation

  • Vulnerability: Failure to enforce Calling Line Identification and filtering (SD: communication security)

Risk: User account takeover

  • Vulnerability: Inadequate account configuration and authorisation controls (SD: authentication)

Affected entity: Third-Party Providers

Risk: Third party exposure of sensitive information

  • Vulnerability: Weak encryption algorithms used on data stored in the device and data transmitted (SD: privacy)

  • Vulnerability: Lack of encryption of communications (SD: communication security)

  • Vulnerability: Poor handling and management of certificate or key material (SD: access control)

Risk: Identity theft

  • Vulnerability: DFS Provider or MNO system failure leading to agents/third parties reverting to offline processes (SD: availability)
