ITU DFS Security Assurance Framework

Unauthorized access to DFS data

The ability of an attacker to gain unauthorized access to DFS users' DFS data.

Risk: Unauthorized access to DFS user mobile data

Affected entity: MNO

  • Vulnerability: Inadequate user account access control mechanisms (SD: Access Control)

Risk: Interception of DFS data in transit

  • Vulnerability: Inherent SS7 security weakness[iii] (SD: Communication Security)

  • Vulnerability: Interception of MO-USSD transactions (SD: Communication Security)

  • Vulnerability: Unprotected sensitive traffic and weak encryption practices (SD: Communication Security)

Risk: Exposure of sensitive customer data occurs because of the following vulnerabilities.

Affected entity: DFS Provider

  • Vulnerability: Inadequate protection of DFS customer registration data. (SD: Authentication)

  • Vulnerability: Use of weak encryption. (SD: Communication Security)

  • Vulnerability: Inadequate DFS user access control and monitoring. (SD: Access Control)

  • Vulnerability: Inadequate DFS user access control monitoring. (SD: Access Control)

Affected entity: Third-party

  • Vulnerability: Failure to perform data destruction/erasing before disposing of devices (SD: Privacy)

    a) Remove all tags and business identifiers.

    b) Where possible, develop a contract with an authorized vendor who can help securely dispose of electronic materials and components.

    c) Do not dispose of devices in trash containers or dumpsters associated with your business.


Last updated 2 years ago