An attacker with control of a Cellular Rogue Base Station, or acting through cooperation with a Malicious Mobile Network Operator, can force the mobile device (e.g., the retransmission device) to use no encryption (A5/0 mode) or to use easily breakable encryption (A5/1 or A5/2 mode).
CAPEC-606 (Weakening of Cellular Encryption) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What a successful CAPEC-606 attack can achieve.
Other
Affects: Confidentiality
Tracking, Network Reconnaissance
Defenses that reduce the risk of CAPEC-606.
Common questions about CAPEC-606.
Use hardened baseband firmware on the retransmission device to detect and prevent the use of weak cellular encryption.
CAPEC-606 exploits one CWE weakness: CWE-757 (Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')).
MITRE rates CAPEC-606 as High severity.
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.