mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-29 18:27:19 +00:00
fix: [fight] fix duplicates
This commit is contained in:
parent
fcc88613e4
commit
6341ffce68
1 changed files with 0 additions and 84 deletions
|
@ -6456,90 +6456,6 @@
|
|||
"uuid": "0551e810-74ac-5a51-82c1-abaebeb3dfd4",
|
||||
"value": "Self Location Measurement"
|
||||
},
|
||||
{
|
||||
"description": "An adversary may position itself on the radio interface, to support follow-on behaviors such as [Network Sniffing](/techniques/FGT1040) or [Transmitted Data Manipulation](/techniques/FGT1565.002).\r\n\r\nAdversary can deploy a fake gNB, eNB (a 4G base station) or WiFi access point, or a back-to-back fake gNB-UE combination to act as an adversary-in-the-middle, in order to intercept, inject and possibly modify communication and relay communication to and from intended recipient over the radio interface. \r\n\r\nThis attack assumes the following to have taken place: the UE has been bid-down (see [Bid down UE](/techniques/FGT1562.501)) to a less secure Radio Access Network such as 4G, or the UE connects to an eNB because the network is 5G Non-Standalone, or due to EPS fallback, or the UE connects to a WiFi access point (to access 5G services).",
|
||||
"meta": {
|
||||
"architecture-segment": "RAN",
|
||||
"bluf": "An adversary may position itself on the radio interface, to support follow-on behaviors such as [Network Sniffing](/techniques/FGT1040) or [Transmitted Data Manipulation](/techniques/FGT1565.002).",
|
||||
"criticalassets": [
|
||||
{
|
||||
"Description": "All signaling transmitted to and from subscriber can be modified or intercepted in the clear",
|
||||
"Name": "Subscriber signaling"
|
||||
},
|
||||
{
|
||||
"Description": "UE/subscriber geographical location can be intercepted.",
|
||||
"Name": "UE location"
|
||||
},
|
||||
{
|
||||
"Description": "All data and voice transmitted to and from subscriber can be modified or intercepted in the clear",
|
||||
"Name": "Subscriber traffic"
|
||||
}
|
||||
],
|
||||
"detections": [
|
||||
{
|
||||
"detects": "UE measurements of received power levels from all base stations nearby, and their identifiers Reference clause 6.24 of [3]",
|
||||
"fgdsid": "FGDS5002",
|
||||
"name": "UE signal measurements"
|
||||
}
|
||||
],
|
||||
"external_id": "FGT1557.501",
|
||||
"kill_chain": [
|
||||
"fight:Collection",
|
||||
"fight:Credential-Access"
|
||||
],
|
||||
"mitigations": [],
|
||||
"object-type": "technique",
|
||||
"platforms": "5G",
|
||||
"postconditions": [
|
||||
{
|
||||
"Description": "Transient technique; works only as long as adversary-in-the-middle is able to retain connection.",
|
||||
"Name": "Temporary loss of subscriber data confidentiality or integrity."
|
||||
}
|
||||
],
|
||||
"preconditions": [
|
||||
{
|
||||
"Description": "Subscriber security profile must allow bidding down to less secure service OR system must employ null integrity or encryption.",
|
||||
"Name": "Permissive subscriber security profile OR system employs null integrity or encryption."
|
||||
}
|
||||
],
|
||||
"procedureexamples": [
|
||||
{
|
||||
"Description": "The adversary employs a back to back gNB-UE combination. When UE security profile allows bidding down, or the UE connects to 4G due to EPS fallback, or to WiFi, an adversary acts as an adversary-in-the-middle to intercept and possibly modify communication to and from intended recipient.",
|
||||
"Name": "Adversary-in-the-Middle on air interface for a given UE"
|
||||
},
|
||||
{
|
||||
"Description": "Alternatively, if the 5G system employs null integrity or encryption, subscriber data traffic can be eavesdropped or modified in transit over the air interface",
|
||||
"Name": "Adversary-in-the-Middle on air interface for any UE"
|
||||
},
|
||||
{
|
||||
"Description": "Adversary uses a fake base station to broadcast spoofed configuration messages to UEs nearby. Reference [3] (appendix B) contains a taxonomy of attacks against 5G UEs, passive and active. One concerns message attacks (fake MIB/SIB – Master Information Block/System Information Block)",
|
||||
"Name": "Spoofed configuration messages from fake base station"
|
||||
}
|
||||
],
|
||||
"refs": [
|
||||
"[1] European Union Agency for Cybersecurity (ENISA : “ENISA Threat Landscape for 5G Networks” Report, section 4.4, December 2020. - https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks",
|
||||
"[2] Hu, X. et al: “A Systematic Analysis Method for 5G Non-Access Stratum Signalling Security”, August 2019 - https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8817957",
|
||||
"[3] 3rd Generation Partnership Project (3GPP TR 33.809: “Study on 5G security enhancements against False Base Stations (FBS ”, Technical Report, v0.18.0, February 2022. - https://www.3gpp.org/DynaReport/33809.htm",
|
||||
"https://fight.mitre.org/data%20sources/FGDS5002",
|
||||
"https://fight.mitre.org/techniques/FGT1557.501"
|
||||
],
|
||||
"status": "Observed in earlier 3GPP generations and expected in 5G.",
|
||||
"subtechnique-of": "FGT1557",
|
||||
"typecode": "fight_subtechnique_to_attack_technique"
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "fa9ee8fb-7f25-554c-9682-0e50e774812d",
|
||||
"type": "detected-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "5ecccab0-9d6d-504c-92c4-408091a3c114",
|
||||
"type": "subtechnique-of"
|
||||
}
|
||||
],
|
||||
"uuid": "125336d2-ca71-57b5-a46e-faca5013c555",
|
||||
"value": "Radio interface"
|
||||
},
|
||||
{
|
||||
"description": "A malicious app consumes subscriber data allocation to deny or degrade service to that UE. \r\n\r\nA malicious application might consume a UE's limited data plan, denying or throttling service.",
|
||||
"meta": {
|
||||
|
|
Loading…
Reference in a new issue