CAPEC-606: Weakening of Cellular Encryption

Detailed Draft Severity: High

CAPEC Version: 3.9

Last Updated: 2023-01-24

Attack Pattern Description

An attacker with control of a Cellular Rogue Base Station, or acting through cooperation with a Malicious Mobile Network Operator, can force the mobile device (e.g., the retransmission device) to use no encryption (A5/0 mode) or to use easily breakable encryption (A5/1 or A5/2 mode).

Prerequisites

  • Cellular devices that allow negotiating security modes to facilitate backwards compatibility and roaming on legacy networks.

Skills Required

Medium: Adversaries can purchase and implement rogue BTS stations at a cost-effective rate, and can push a mobile device to downgrade to a non-secure cellular protocol like 2G over GSM or CDMA.

Consequences

Scope: Confidentiality

Technical Impact: Other

Note: Tracking, Network Reconnaissance

Mitigations

Use hardened baseband firmware on the retransmission device to detect and prevent the use of weak cellular encryption.

Monitor the cellular RF interface to detect the usage of weaker-than-expected cellular encryption.
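
One way to implement the monitoring mitigation above, as an added example that is not part of the CAPEC entry: it reads GSM RR Ciphering Mode Command messages and reports any that order a mode outside an expected set. The octet layout is assumed from 3GPP TS 44.018, the input is assumed to be already decoded to layer-3 bytes, and the function names, the EXPECTED policy set and the sample frames are constructed for illustration.

```python
# Added example: flag weak ciphering ordered in GSM RR Ciphering Mode Command messages.
# Assumed layout (3GPP TS 44.018), input already decoded to layer-3 bytes:
#   octet 1: skip indicator (high nibble) | protocol discriminator (low nibble, 0x6 = RR)
#   octet 2: message type, 0x35 = Ciphering Mode Command
#   octet 3: cipher response (high nibble) | cipher mode setting (low nibble)
#            setting bit 1 = SC (1 = start ciphering), bits 2-4 = algorithm identifier
RR_PD = 0x06
CIPHERING_MODE_COMMAND = 0x35
# Policy assumption for this example: anything outside this set is weaker than expected.
EXPECTED = frozenset({"A5/3", "A5/4"})


def cipher_mode(l3: bytes):
    """Return the ordered mode ('A5/0'..'A5/7', 'reserved'), or None if not a CMC."""
    if len(l3) < 3 or (l3[0] & 0x0F) != RR_PD or l3[1] != CIPHERING_MODE_COMMAND:
        return None
    setting = l3[2] & 0x0F
    if not setting & 0x01:               # SC = 0: network ordered no ciphering
        return "A5/0"
    alg = (setting >> 1) & 0x07          # 0 -> A5/1, 1 -> A5/2, ..., 6 -> A5/7
    return "reserved" if alg == 7 else f"A5/{alg + 1}"


def audit(frames, expected=EXPECTED):
    """Return [(frame_index, mode)] for every command ordering an unexpected mode."""
    alerts = []
    for i, frame in enumerate(frames):
        mode = cipher_mode(frame)
        if mode is not None and mode not in expected:
            alerts.append((i, mode))
    return alerts


# Constructed sample frames (not from a real capture).
SAMPLE = [
    bytes.fromhex("063505"),    # start ciphering, A5/3
    bytes.fromhex("063501"),    # start ciphering, A5/1
    bytes.fromhex("063510"),    # no ciphering (A5/0), IMEISV requested
    bytes.fromhex("063503"),    # start ciphering, A5/2
    bytes.fromhex("06210001"),  # a different RR message type, ignored
    bytes.fromhex("0635"),      # truncated, ignored
]

if __name__ == "__main__":
    for index, mode in audit(SAMPLE):
        print(f"frame {index}: network ordered {mode}")
```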

Key Information

CAPEC ID: CAPEC-606

Abstraction: Detailed

Status: Draft

Typical Severity: High

Related Attack Patterns
Related CWE Weaknesses