CAPEC-216: Communication Channel Manipulation
An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.
Last updated
Overview
CAPEC-216 (Communication Channel Manipulation) is a meta-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The target application must leverage an open communications channel.
- The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94).
Resources required
- A tool that is capable of viewing network traffic and generating custom inputs to be used in the attack.
Consequences
What a successful CAPEC-216 attack can achieve.
Read Data, Modify Data, Other
Affects: Integrity
The adversary's injection of additional content into a communication channel negatively impacts the integrity of that channel.
Read Data
Affects: Confidentiality
A successful Communication Channel Manipulation attack can result in sensitive information exposure to the adversary, thereby compromising the communication channel's confidentiality.
How to mitigate it
Defenses that reduce the risk of CAPEC-216.
- Encrypt all sensitive communications using properly-configured cryptography.