Unauthorized access to DFS data

The ability of an attacker to gain unauthorized access to DFS users' DFS data.

Risk: Unauthorized access to DFS user mobile data

Affected entity: MNO

  • Vulnerability: Inadequate user account access control mechanisms (SD: Access Control)

Risk: Interception of DFS data in transit

  • Vulnerability: Inherent SS7 security weakness[iii] (SD: Communication Security)

  • Vulnerability: Interception of MO-USSD transactions (SD: Communication Security)

  • Vulnerability: Unprotected sensitive traffic and weak encryption practices (SD: Communication Security)

Risk: Exposure of sensitive customer data occurs because of the following vulnerabilities.

Affected entity: DFS Provider

  • Vulnerability: Inadequate protection of DFS customer registration data. (SD: Authentication)

  • Vulnerability: Use of weak encryption. (SD: Communication Security)

  • Vulnerability: Inadequate DFS user access control and monitoring. (SD: Access Control)

  • Vulnerability: Inadequate DFS user access control monitoring. (SD: Access Control)

Affected entity: Third-party

  • Vulnerability: Failure to perform data destruction/erasing before disposing of devices (SD: Privacy)

    a) Remove all tags and business identifiers.

    b) Where possible, develop a contract with an authorized vendor who can help securely dispose of electronic materials and components.

    c) Do not dispose of devices in trash containers or dumpsters associated with your business.
