Home > CAPEC List > CAPEC-216: Communication Channel Manipulation (Version 2.10)  

CAPEC-216: Communication Channel Manipulation

 
Communication Channel Manipulation
Definition in a New Window Definition in a New Window
Attack Pattern ID: 216
Abstraction: Meta
Status: Stable
Completeness: Complete
Presentation Filter:
+ Summary

An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.

+ Attack Prerequisites
  • The target application must leverage an open communications channel.

  • The channel on which the target communicates must be vulnerable to interception (e.g., man in the middle attack).

+ Resources Required

A tool that is capable of viewing network traffic and generating custom inputs to be used in the attack.

+ Solutions and Mitigations

Encrypt all sensitive communications using properly-configured cryptography.

Design the communication system such that it associates proper authentication/authorization with each channel/message.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Integrity
Read application data
Modify application data
Other
The adversary's injection of additional content into a communication channel negatively impacts the integrity of that channel.
Confidentiality
Read application data
A successful Communication Channel Manipulation attack can result in sensitive information exposure to the adversary, thereby compromising the communication channel's confidentiality.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2015-12-07Updated Attack_Prerequisites, Description Summary, Related_Attack_PatternsInternal
CAPEC Content TeamThe MITRE Corporation2017-05-01Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required, Solutions_and_MitigationsInternal
Previous Entry Names
DatePrevious Entry Name
2015-12-07Abuse of Communication Channels
More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017