Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created
Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone: Insecure Communications Smart Devices Mobile Phone: Camera and or Mic Hijack Smart Devices Mobile Phone: Browser SSL Vulnerability Smart Devices Lifting Data Embedded in Client Distributions SatCom Counterfeit GPS Signals GPS Carry-Off GPS Attack GPS Protocol Manipulation SatCom Medium Password Recovery Exploitation SatCom Malware Infection into Product Software Camera Manipulate Resources SatCom Jamming SatCom Man in the Middle Attack Camera Malicious Software Download Firmware TCP RPC Scan TCP TCP SYN Scan TCP TCP Window Scan TCP TCP ISN Greatest Common Divisor Probe TCP TCP ISN Counter Rate Probe TCP TCP ISN Sequence Predictability Probe TCP TCP Sequence Number Probe TCP TCP Congestion Control Flag Probe TCP TCP Initial Window Size Probe TCP Content Spoofing 3G Medium Sniffing Attacks 3G Medium Action Spoofing 3G Sniffing Network Traffic 3G
Denial of Service through Resource Depletion 3G Medium Privilege Abuse 3G Resource Location Spoofing 3G Intent Spoof 3G Identity Spoofing - Impersonation 4G Medium Sniffing Attacks 4G Medium Cellular Traffic Intercept 3G Denial of Service 3G Exploitation of Authorization 4G Medium Denial of Service through Resource Depletion DSMx Medium Exploitation of Authentication 4G Denial of Service 4G Hijacking a privileged process DSMx Medium Protocol Manipulation DSMx Medium External Entity Attack DSMx Medium Mobile Phone: Camera and or Mic Hijack Camera Mobile Phone: Insecure Communications Camera Mobile Phone: Web App Vulnerabilities Camera Command Injection DSMx Medium DEPRECATED: Malware Propagation via USB U3 Autorun Remote Control DEPRECATED: Malware Propagation via Infected Peripheral Device Remote Control Leverage Alternate Encoding DSMx Medium Sniffing Attacks Remote Control Medium Man in the Middle Attack Remote Control Malware Propagation via USB Stick Remote Control Traceroute Route Enumeration DSMx Man in the Middle Attack GPS USB Memory Attacks Remote Control Identity Spoofing - Impersonation Smart Devices Medium
Man in the Middle Attack Smart Devices Add Malicious File to Shared Webroot Remote Control Shared Technology Issues Remote Control Targeted Malware Smart Devices Sensitive Data Exposure GPS Account Footprinting Smart Devices Bluejacking Smart Devices Bluesnarfing Smart Devices WiFi SSID Tracking Smart Devices Malware Propagation via USB Stick Smart Devices DEPRECATED: Malware Propagation via USB U3 Autorun Smart Devices DEPRECATED: Malware Propagation via Infected Peripheral Device Smart Devices USB Memory Attacks Smart Devices Man in the Middle Attack Antenna Sensitive Data Exposure Antenna Wi-Fi Jamming Smart Devices WiFi MAC Address Tracking Smart Devices Bluebugging Smart Devices Manipulating Web Input to File System Calls Create files with the same name as files protected with a higher classification Accessing, Modifying or Executing Executable Files Sensitive Data Exposure Weak Identity, Credential and Access Management Denial of Service
File Manipulation Authentication Bypass Dictionary-based Password Attack Sniff Application Code Password Recovery Exploitation Code Injection Reflected Cross Site Scripting - WASC Password Brute Forcing Medium Medium Overflow Buffers Exploit Common or default Usernames and Passwords Denial of Service through Resource Depletion Protocol Manipulation TCP SYN Scan Encryption Brute Forcing Medium Medium Cross Site Request Forgery Session Hijacking TCP ACK Scan Exploit Common or default Usernames and Passwords TCP ACK Ping TCP SYN Ping HTTP DoS TCP Connect Scan Unauthorized Use of Device Resources Denial of Service
WS: XML Denial of Service Reusing Session IDs aka Session Replay Session Hijacking Denial of Service through Resource Depletion Protocol Manipulation TCP SYN Scan TCP ACK Ping TCP SYN Ping TCP Connect Scan TCP ACK Scan Exploit Common or default Usernames and Passwords Medium Medium WS: XML Denial of Service Gather Information HTTP DoS ICMP Fragmentation Unauthorized Use of Device Resources Denial of Service Eavesdropping Reusing Session IDs aka Session Replay Session Hijacking Denial of Service through Resource Depletion Protocol Manipulation TCP SYN Scan Medium Medium
TCP ACK Ping TCP SYN Ping TCP Connect Scan TCP ACK Scan Exploit Common or default Usernames and Passwords WS: XML Denial of Service Gather Information HTTP DoS ICMP Fragmentation Unauthorized Use of Device Resources Denial of Service Gather Information ICMP Fragmentation Eavesdropping Eavesdropping Reusing Session IDs aka Session Replay Session Hijacking Denial of Service through Resource Depletion Protocol Manipulation TCP SYN Scan TCP ACK Ping TCP SYN Ping TCP Connect Scan Medium Medium TCP ACK Scan
Exploit Common or default Usernames and Passwords WS: XML Denial of Service Gather Information HTTP DoS ICMP Fragmentation Unauthorized Use of Device Resources Denial of Service Eavesdropping Reusing Session IDs aka Session Replay Exploiting Incorrectly Configured SSL Encryption Brute Forcing SQL Injection Blind SQL Injection Persistent Cross Site Scripting - WASC HTTP Response Splitting Open 03/20/2018 Open 03/20/2018 Open 03/20/2018 Open 03/27/2018 Clickjacking Open 03/27/2018