OS-vendor provided communication channels


Technique: OS-vendor provided communication channels
ID: PRE-T1167
Tactic: Adversary OPSEC

Definition

Google and Apple provide Google Cloud Messaging and Apple Push Notification Service, respectively. These services are designed to enable efficient communication between third-party mobile app backend servers and the mobile apps running on individual devices. They maintain an encrypted connection between every mobile device and Google or Apple that cannot easily be inspected and must be allowed to traverse networks as part of normal device operation. Adversaries could use these services to communicate with compromised mobile devices. [1][2]

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: These are free services provided by Google and Apple to app developers, and information on how to use them is readily available.

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: These services are heavily utilized by mainstream mobile app developers. The high volume of communications makes it extremely hard for a defender to distinguish between legitimate and adversary communications.