mobile-threat-catalogue
mobile-threat-catalogue copied to clipboard
usnistgov
NIST/NCCoE Mobile Threat Catalogue
## General Comment **Threat ID**: STA-10 and STA-12 **Type of Comment**: G **Proposed Change**: Combine these two threats into one **Justification**: These threats are essentially the same. Also, they should...
## General Comment **Threat ID**: STA-18 **Type of Comment**: T **Proposed Change**: New countermeasures: Encourage vendor use of device architectures that limit trust between the baseband processor and application processor....
## General Comment **Threat ID**: STA-0, STA-2, possibly others. **Type of Comment**: T **Proposed Change**: Change "committed to providing timely updates" to "committed to providing timely updates for an appropriately...
## New Threat **Threat Category**: Stack, but probably applies to almost all the other categories too. Suggested by industry participants at workshop **Threat**: Reverse engineering of published patches to find...
**Threat ID**: STA-0 STA-1 STA-2 STA-4 **Type of Comment**: T **Proposed Change**: Change "block enterprise connectivity to "limit enterprise connectivity" **Justification**: Vulnerable devices may still need some limited enterprise connectivity,...
## General Comment **Threat ID**: None **Type of Comment**: Enter the letter that best describes the nature of your comment - G - General **Proposed Change**: Some threats presented are...
## General Comment **Threat ID**: STA-27 **Type of Comment**: T **Proposed Change**: Suggest removing or rephrasing **Justification**: This threat is worded poorly, seems overly specific, and there are no examples...
## General Comment **Threat ID**: CEL-27 **Type of Comment**: T **Proposed Change**: Fill in details or remove **Justification**: All of the details are blank on this threat other than the...
## General Comment **Threat ID**: ECO-3 **Type of Comment**: G - Within app stores you can enforce whitelisting of apps. Ensure use of Trusted app sites. Isolation or quarantine of...
## General Comment **Threat ID**: ECO-2 **Type of Comment**: G - Assumption - Apply applicable data encryption for data in transit and at rest. Note - compliance and certification versus...