New to CAPEC? Start Here
Home > CAPEC List > CAPEC-216: Communication Channel Manipulation (Version 3.9)  

CAPEC-216: Communication Channel Manipulation

Attack Pattern ID: 216
Abstraction: Meta
View customized information:
+ Description
An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.
+ Relationships
Section HelpThis table shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.
NatureTypeIDName
ParentOfStandard Attack PatternStandard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.12Choosing Message Identifier
ParentOfStandard Attack PatternStandard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.217Exploiting Incorrectly Configured SSL/TLS
CanPrecedeMeta Attack PatternMeta Attack Pattern - A meta level attack pattern in CAPEC is a decidedly abstract characterization of a specific methodology or technique used in an attack. A meta attack pattern is often void of a specific technology or implementation and is meant to provide an understanding of a high level approach. A meta level attack pattern is a generalization of related group of standard level attack patterns. Meta level attack patterns are particularly useful for architecture and design level threat modeling exercises.94Adversary in the Middle (AiTM)
Section HelpThis table shows the views that this attack pattern belongs to and top level categories within that view.
+ Prerequisites
The target application must leverage an open communications channel.
The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94).
+ Resources Required
A tool that is capable of viewing network traffic and generating custom inputs to be used in the attack.
+ Consequences
Section HelpThis table specifies different individual consequences associated with the attack pattern. The Scope identifies the security property that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in their attack. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a pattern will be used to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.
ScopeImpactLikelihood
Integrity
Read Data
Modify Data
Other
Confidentiality
Read Data
+ Mitigations
Encrypt all sensitive communications using properly-configured cryptography.
Design the communication system such that it associates proper authentication/authorization with each channel/message.
+ Content History
Submissions
Submission DateSubmitterOrganization
2014-06-23
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2015-12-07
(Version 2.8)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Prerequisites, Description Summary, Related_Attack_Patterns
2017-05-01
(Version 2.10)
CAPEC Content TeamThe MITRE Corporation
Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_Required, Solutions_and_Mitigations
2021-06-24
(Version 3.5)
CAPEC Content TeamThe MITRE Corporation
Updated Prerequisites
2023-01-24
(Version 3.9)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns, Related_Weaknesses
Previous Entry Names
Change DatePrevious Entry Name
2015-12-07
(Version 2.8)
Abuse of Communication Channels
More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2018