Skip to content

T1463 Manipulate Device Communication

If network traffic between the mobile device and a remote server is not securely protected, then an attacker positioned on the network may be able to manipulate network communication without being detected. For example, FireEye researchers found in 2014 that 68% of the top 1,000 free applications in the Google Play Store had at least one Transport Layer Security (TLS) implementation vulnerability potentially opening the applications’ network traffic to adversary-in-the-middle attacks 1.

Item Value
ID T1463
Sub-techniques
Tactics TA0038
Platforms Android, iOS
Version 1.1
Created 25 October 2017
Last Modified 28 July 2021

Mitigations

ID Mitigation Description
M1005 Application Vetting Application vetting techniques can scan for use of cleartext communication, insecure TrustManager implementations, and other potential network communication weaknesses. The Google Play Store now automatically assesses submitted applications for insecure TrustManager implementations.2
M1009 Encrypt Network Traffic App developers should be advised to use the Android Network Security Configuration feature and the iOS App Transport Security feature to gain some level of assurance that app network traffic is protected.2

References

  1. Adrian Mettler, Yulong Zhang, Vishwanath Raman. (2014, August 20). SSL VULNERABILITIES: WHO LISTENS WHEN ANDROID APPLICATIONS TALK?. Retrieved December 24, 2016. 

  2. Google. (n.d.). How to fix apps containing an unsafe implementation of TrustManager. Retrieved December 24, 2016. 

Back to top