M1009 Encrypt Network Traffic
Application developers should encrypt all of their application network traffic using the Transport Layer Security (TLS) protocol to ensure protection of sensitive data and deter network-based attacks. If desired, application developers could perform message-based encryption of data before passing it for TLS encryption.
iOS’s App Transport Security feature can be used to help ensure that all application network traffic is appropriately protected. Apple intends to mandate use of App Transport Security [1] for all apps in the Apple App Store unless appropriate justification is given.
Android’s Network Security Configuration feature similarly can be used by app developers to help ensure that all of their application network traffic is appropriately protected [2].
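One way to check that an app's Android Network Security Configuration actually enforces this, shown as an added example that is not part of the original ATT&CK entry. The function names, the sample XML and the example.com domains are constructed for illustration; the element and attribute names are those of the Android feature.

```python
import xml.etree.ElementTree as ET

# Constructed sample config, not taken from any real app.
SAMPLE_CONFIG = """<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors><certificates src="system" /></trust-anchors>
    </base-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">legacy.example.com</domain>
    </domain-config>
    <domain-config>
        <domain>api.example.com</domain>
        <trust-anchors><certificates src="user" /></trust-anchors>
    </domain-config>
</network-security-config>"""


def _inspect(node, scope, findings):
    """Record settings on `node` that weaken TLS, then recurse into nested domain-configs."""
    if (node.get("cleartextTrafficPermitted") or "").lower() == "true":
        findings.append((scope, "cleartext traffic permitted"))
    for cert in node.findall("trust-anchors/certificates"):
        if cert.get("src") == "user":
            findings.append((scope, "trusts user-installed CAs"))
    for child in node.findall("domain-config"):
        names = ",".join(d.text.strip() for d in child.findall("domain") if d.text)
        _inspect(child, names or "(unnamed domain-config)", findings)


def audit_network_security_config(xml_text):
    """Return a list of (scope, issue) tuples; an empty list means nothing was flagged."""
    root = ET.fromstring(xml_text)
    findings = []
    base = root.find("base-config")
    # Without an explicit value, the cleartext default depends on the app's target API level.
    if base is None or base.get("cleartextTrafficPermitted") is None:
        findings.append(("base-config", "cleartext policy not set explicitly"))
    if base is not None:
        _inspect(base, "base-config", findings)
    # The root carries no policy attributes itself; this call walks its domain-config children.
    # <debug-overrides> is skipped on purpose: it only applies to debuggable builds.
    _inspect(root, "network-security-config", findings)
    return findings


if __name__ == "__main__":
    for scope, issue in audit_network_security_config(SAMPLE_CONFIG):
        print(f"{scope}: {issue}")
```

Running this in a build pipeline against `res/xml/network_security_config.xml` turns per-domain cleartext exceptions and user-CA trust into review items instead of silent regressions.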
Use of Virtual Private Network (VPN) tunnels, e.g. using the IPsec protocol, can help mitigate some types of network attacks as well.
|Created|25 October 2017|
|Last Modified|17 October 2018|
Techniques Addressed by Mitigation
|Domain|ID|Name|Use|
|---|---|---|---|
|mobile|T1466|Downgrade to Insecure Protocols|Application-layer encryption (e.g. use of the Transport Layer Security protocol) or a Virtual Private Network (VPN) tunnel (e.g. using the IPsec protocol) may help mitigate weaknesses in the cellular network encryption.|
|mobile|T1439|Eavesdrop on Insecure Network Communication|-|
|mobile|T1449|Exploit SS7 to Redirect Phone Calls/SMS|Use of end-to-end encryption of voice calls and text messages “provides another layer in the defense against potential information compromise by SS7 enabled eavesdropping.” [4]|
|mobile|T1463|Manipulate Device Communication|App developers should be advised to use the Android Network Security Configuration feature and the iOS App Transport Security feature to gain some level of assurance that app network traffic is protected. [3]|
|mobile|T1410|Network Traffic Capture or Redirection|This mitigation may not always be effective depending on the method used to encrypt network traffic. In some cases, an adversary may be able to capture traffic before it is encrypted.|
|mobile|T1467|Rogue Cellular Base Station|-|
|mobile|T1465|Rogue Wi-Fi Access Points|Application-layer encryption (e.g. use of the Transport Layer Security protocol) or a Virtual Private Network (VPN) tunnel (e.g. using the IPsec protocol) may help mitigate use of untrusted Wi-Fi networks.|