CAPEC-610: Cellular Data Injection
Adversaries inject data into mobile technology traffic (data flows or signaling data) to disrupt communications or conduct additional surveillance operations.
Last updated
Overview
CAPEC-610 (Cellular Data Injection) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- None
Skills required
- High skill: Often achieved by nation states in conjunction with commercial cellular providers to conduct cellular traffic intercept and possible traffic injection.
Consequences
What a successful CAPEC-610 attack can achieve.
Resource Consumption
Affects: Availability
Attackers can disrupt or deny mobile technology communications and operations.
Modify Data
Affects: Availability
Attackers can inject false data into data or signaling system data flows of communications and operations, or re-route data flows or signaling data for the purpose of further data intercept and capture.
How to mitigate it
Defenses that reduce the risk of CAPEC-610.
- Commercial defensive technology to detect and alert to any attempts to modify mobile technology data flows or to inject new data into existing data flows and signaling data.