|T1466||Downgrade to Insecure Protocols|
An adversary could cause the mobile device to use less secure protocols, for example by jamming frequencies used by newer protocols such as LTE and only allowing older protocols such as GSM to communicate as described in NIST SP 800-187 . Use of less secure protocols may make communication easier to eavesdrop upon or manipulate.
|T1439||Eavesdrop on Insecure Network Communication|
If network traffic between the mobile device and remote servers is unencrypted or is encrypted in an insecure manner, then an adversary positioned on the network can eavesdrop on communication. For example, He et al. describe numerous healthcare-related applications that did not properly protect network communication.
|T1449||Exploit SS7 to Redirect Phone Calls/SMS|
An adversary could exploit signaling system vulnerabilities to redirect calls or text messages to a phone number under the attacker's control. The adversary could then act as a man-in-the-middle to intercept or manipulate the communication.
|T1450||Exploit SS7 to Track Device Location|
An adversary could exploit signaling system vulnerabilities to track the location of mobile devices.
|T1464||Jamming or Denial of Service|
An attacker could jam radio signals (e.g. Wi-Fi, cellular, GPS) to prevent the mobile device from communicating.
|T1463||Manipulate Device Communication|
If network traffic between the mobile device and a remote server is not securely protected, then an attacker positioned on the network may be able to manipulate network communication without being detected. For example, FireEye researchers found in 2014 that 68% of the top 1,000 free applications in the Google Play Store had at least one Transport Layer Security (TLS) implementation vulnerability potentially opening the applications' network traffic to man-in-the-middle attacks .
|T1467||Rogue Cellular Base Station|
An adversary could set up a rogue cellular base station and then use it to eavesdrop on or manipulate cellular device communication. For example, Ritter and DePerry of iSEC Partners demonstrated this technique using a compromised cellular femtocell at Black Hat USA 2013 .
|T1465||Rogue Wi-Fi Access Points|
An adversary could set up unauthorized Wi-Fi access points or compromise existing access points and, if the device connects to them, carry out network-based attacks such as eavesdropping on or modifying network communication as described in NIST SP 800-153 .
|T1451||SIM Card Swap|
An adversary could convince the mobile network operator (e.g. through social networking, forged identification, or insider attacks performed by trusted employees) to issue a new SIM card and associate it with an existing phone number and account . The adversary could then obtain SMS messages or hijack phone calls intended for someone else .