Home > CAPEC List > CAPEC-216: Communication Channel Manipulation (Version 2.11)  

CAPEC-216: Communication Channel Manipulation

Communication Channel Manipulation
Definition in a New Window Definition in a New Window
Attack Pattern ID: 216
Abstraction: Meta
Status: Stable
Completeness: Complete
Presentation Filter:
+ Summary

An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.

+ Attack Prerequisites
  • The target application must leverage an open communications channel.

  • The channel on which the target communicates must be vulnerable to interception (e.g., man in the middle attack).

+ Resources Required

A tool that is capable of viewing network traffic and generating custom inputs to be used in the attack.

+ Solutions and Mitigations

Encrypt all sensitive communications using properly-configured cryptography.

Design the communication system such that it associates proper authentication/authorization with each channel/message.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Read application data
Modify application data
The adversary's injection of additional content into a communication channel negatively impacts the integrity of that channel.
Read application data
A successful Communication Channel Manipulation attack can result in sensitive information exposure to the adversary, thereby compromising the communication channel's confidentiality.
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
CAPEC Content TeamThe MITRE Corporation2015-12-07Updated Attack_Prerequisites, Description Summary, Related_Attack_PatternsInternal
CAPEC Content TeamThe MITRE Corporation2017-05-01Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required, Solutions_and_MitigationsInternal
Previous Entry Names
DatePrevious Entry Name
2015-12-07Abuse of Communication Channels

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017