mobile-threat-catalogue
mobile-threat-catalogue copied to clipboard
usnistgov
NIST/NCCoE Mobile Threat Catalogue
add: consider the use of devices that support Android 10.0 or later, in which applications cannot access clipboard data unless the app is the device's main input method editor or...
add: Enterprise: - To reduce the opportunity for an attacker to exploit a patched vulnerability, ensure security updates are applied in a timely manner by configuring automated installation of or,...
General Comment ------------------------------------------ **Threat ID**: CEL-25 **Type of Comment**: T **Proposed Change**: Replace reference link two: https://www.nowsecure.com/blog/2012/09/25/remote-ussd-code-execution-on-android-devices/ With: https://www.nowsecure.com/blog/2017/09/24/remote-ussd-code-execution-on-android-devices/ **Justification**: The original reference link has since been updated and does...
New Threat **Threat Category**: **Threat**: Using AI to Hack Intelligent Personal Assistant (Google Voice Assistant, S Voice, Cortana, Alexa and Siri). Intelligence Personal Assistant has become increasingly popular. They have...
add: Consider the use of devices that support Android 11.0 and later, in which restrictions have been placed on when applications running in the background can start activities (Android 10)...
find links for references: 31, 75, 110, 141, 143, 169, 179, 181, 191, 201, 204, 235, 243, 252, 251 (yahoef)
replace https://media.blackhat.com/bh-ad-10/Nohl/BlackHat-AD-2010-Nohl-Attacking-Phone-Privacy-wp.pdf with: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.470.1482&rep=rep1&type=pdf
replace with: https://conference.hitb.org/hitbsecconf2011kul/materials/D1T1%20-%20Riley%20Hassell%20-%20Exploiting%20Androids%20for%20Fun%20and%20Profit.pdf