mobile-threat-catalogue
mobile-threat-catalogue copied to clipboard
usnistgov
NIST/NCCoE Mobile Threat Catalogue
General Comment ------------------------------------------ STA-2 Current link doesn't work. Replace by: https://www.slideserve.com/debbie/one-root-to-own-them-all
**References**: - Here is the correct reference: [iOS 10: Security Weakness Discovered, Backup Passwords Much Easier to Break](https://blog.elcomsoft.com/2016/09/ios-10-security-weakness-discovered-backup-passwords-much-easier-to-break) by Oleg Afonin
General Comment ----------------------------------------- Threat ID: Type of Comment: G Proposed Change: In response to issue #119, add a feature to link each threat to the attack technique at https://attack.mitre.org/wiki/All_Techniques. This...
On behalf of Prashanth Thandavamurthy of Arxan Technologies, Inc. ## New Threat **Threat Category**: Application: Vulnerable Application **Threat**: Decompiling IoT apps, looking for “secrets”, MiTM attacks on all communications **Threat...
On behalf of Prashanth Thandavamurthy of Arxan Technologies, Inc. ## New Threat **Threat Category**: Application: Vulnerable Application **Threat**: Analysis of SmartApps (Smart Home apps running on Mobile device) causing privilege...
On behalf of Prashanth Thandavamurthy of Arxan Technologies, Inc. ## New Threat **Threat Category**: Application: Vulnerable Application **Threat**: Inspecting, intercepting and controlling API requests between connected-car app running on mobile...
On behalf of Prashanth Thandavamurthy of Arxan Technologies, Inc. ## New Threat **Threat Category**: Payment **Threat**: Vulnerabilities of 3rd party payment API for code analysis/tampering and cryptographic key lifting attacks....
On behalf of Prashanth Thandavamurthy of Arxan Technologies, Inc. ## New Threat **Threat Category**: Application: Vulnerable Application **Threat**: Copying, distributing and re-publishing the applications illegally. **Threat Origin**: None **Exploit Example**:...
On behalf of Prashanth Thandavamurthy of Arxan Technologies, Inc. ## New Threat **Threat Category**: Application: Vulnerable Application/Malicious or privacy-invasive application **Threat**: Installing malicious code or modifying program instructions to cause...
On behalf of Prashanth Thandavamurthy of Arxan Technologies, Inc. ## New Threat **Threat Category**: Application: Vulnerable Application **Threat**: Reverse engineering and analyzing the application binary to discover source-code, algorithms, sensitive...