CAPEC-623: Compromising Emanations Attack
Compromising Emanations (CE) are defined as unintentional signals which an attacker may intercept and analyze to disclose the information processed by the targeted equipment. Commercial mobile devices and retransmission devices have displays, buttons, microchips, and radios that emit mechanical emissions in the form of sound or vibrations. Capturing these emissions can help an adversary understand what the device is doing.
Last updated
Overview
CAPEC-623 (Compromising Emanations Attack) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- Proximal access to the device.
Skills required
- High skill: Sophisticated attack.
Consequences
What a successful CAPEC-623 attack can achieve.
Read Data
Affects: Confidentiality
Capture vibrations/emissions from the handset or retransmission device display screen to recreat display information from a distance.
How to mitigate it
Defenses that reduce the risk of CAPEC-623.
- None are known.
Frequently asked questions
Common questions about CAPEC-623.
- What is CAPEC-623?
- Compromising Emanations (CE) are defined as unintentional signals which an attacker may intercept and analyze to disclose the information processed by the targeted equipment. Commercial mobile devices and retransmission devices have displays, buttons, microchips, and radios that emit mechanical emissions in the form of sound or vibrations. Capturing these emissions can help an adversary understand what the device is doing.
- How do you prevent CAPEC-623?
- None are known.
- What weaknesses does CAPEC-623 target?
- CAPEC-623 exploits 1 CWE weakness, including CWE-201 (Insertion of Sensitive Information Into Sent Data).
- How severe is CAPEC-623?
- MITRE rates CAPEC-623 as Low severity.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-623
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.