Dettaglio CAPEC-504

CAPEC-504

Task Impersonation
Medio
Alto
Stable
2014-06-23
00h00 +00:00
2022-09-29
00h00 +00:00
CAPEC Mitre.org
Avviso per un CAPEC specifico
Rimani informato su qualsiasi modifica relativa a un CAPEC specifico.
Gestione notifiche

Descrizioni CAPEC

An adversary, through a previously installed malicious application, impersonates an expected or routine task in an attempt to steal sensitive information or leverage a user's privileges.

Informazioni CAPEC

Flusso di esecuzione

1) Explore

[Determine suitable tasks to exploit] Determine what tasks exist on the target system that may result in a user providing sensitive information.

Tecnica
  • Determine what tasks prompt a user for their credentials.
  • Determine what tasks may prompt a user to authorize a process to execute with elevated privileges.
2) Exploit

[Impersonate Task] Impersonate a legitimate task, either expected or unexpected, in an attempt to gain user credentials or to ride the user's privileges.

Tecnica
  • Prompt a user for their credentials, while making the user believe the credential request is legitimate.
  • Prompt a user to authorize a task to run with elevated privileges, while making the user believe the request is legitimate.

Prerequisiti

The adversary must already have access to the target system via some means.
A legitimate task must exist that an adversary can impersonate to glean credentials.
The user's privileges allow them to execute certain tasks with elevated privileges.

Competenze richieste

Once an adversary has gained access to the target system, impersonating a task is trivial.

Risorse richieste

Malware or some other means to initially comprise the target system.
Additional malware to impersonate a legitimate task.

Mitigazioni

The only known mitigation to this attack is to avoid installing the malicious application on the device. However, to impersonate a running task the malicious application does need the GET_TASKS permission to be able to query the task list, and being suspicious of applications with that permission can help.

Vulnerabilità correlate

CWE-ID Nome della vulnerabilità

CWE-1021

 Improper Restriction of Rendered UI Layers or Frames
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

Riferimenti

REF-434

Phishing on Mobile Devices
Adrienne Porter Felt, David Wagner.
https://people.eecs.berkeley.edu/~daw/papers/mobphish-w2sp11.pdf

Invio

Nome Organizzazione Data Data di rilascio
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifiche

Nome Organizzazione Data Commento
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated References
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2019-09-30 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated @Abstraction, @Status, Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, Resources_Required, Skills_Required, Typical_Severity
CAPEC Content Team The MITRE Corporation 2022-02-22 +00:00 Updated Description, Extended_Description
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Taxonomy_Mappings
Le informazioni presentate su CVE Find provengono da diverse fonti di riferimento attentamente selezionate. I dati CVE sono forniti da MITRE Corporation e dal National Vulnerability Database (NVD). Il catalogo delle vulnerabilità sfruttate conosciute (KEV) proviene dalla Cybersecurity and Infrastructure Security Agency (CISA), mentre i punteggi EPSS provengono da FIRST.org. Inoltre, i dati relativi alle vulnerabilità software (CWE) e ai pattern di attacco comuni (CAPEC) sono mantenuti da MITRE Corporation, e le informazioni sulle configurazioni hardware e software (CPE) sono fornite da NVD.