CAPEC-504 Detail

CAPEC-504

Name

Task Impersonation

Likihood attacks

Medium

Typical Severity

High

Status

Stable

Published

2014-06-23
00h00 +00:00

Modified

2022-09-29
00h00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Notifications manage

List of Notifications

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Descriptions CAPEC

An adversary, through a previously installed malicious application, impersonates an expected or routine task in an attempt to steal sensitive information or leverage a user's privileges.

Informations CAPEC

Execution Flow

1) Explore

[Determine suitable tasks to exploit] Determine what tasks exist on the target system that may result in a user providing sensitive information.

Technique

Determine what tasks prompt a user for their credentials.
Determine what tasks may prompt a user to authorize a process to execute with elevated privileges.

2) Exploit

[Impersonate Task] Impersonate a legitimate task, either expected or unexpected, in an attempt to gain user credentials or to ride the user's privileges.

Technique

Prompt a user for their credentials, while making the user believe the credential request is legitimate.
Prompt a user to authorize a task to run with elevated privileges, while making the user believe the request is legitimate.

Prerequisites

The adversary must already have access to the target system via some means.
A legitimate task must exist that an adversary can impersonate to glean credentials.
The user's privileges allow them to execute certain tasks with elevated privileges.

Skills Required

Once an adversary has gained access to the target system, impersonating a task is trivial.

Resources Required

Malware or some other means to initially comprise the target system.
Additional malware to impersonate a legitimate task.

Mitigations

The only known mitigation to this attack is to avoid installing the malicious application on the device. However, to impersonate a running task the malicious application does need the GET_TASKS permission to be able to query the task list, and being suspicious of applications with that permission can help.

Related Weaknesses

CWE-ID	Weakness Name
CWE-1021	Improper Restriction of Rendered UI Layers or Frames The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

References

REF-434

Phishing on Mobile Devices
Adrienne Porter Felt, David Wagner.
https://people.eecs.berkeley.edu/~daw/papers/mobphish-w2sp11.pdf

Submission

Name	Organization	Date	Date release
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2018-07-31 +00:00	Updated References
CAPEC Content Team	The MITRE Corporation	2019-04-04 +00:00	Updated Related_Weaknesses
CAPEC Content Team	The MITRE Corporation	2019-09-30 +00:00	Updated Related_Attack_Patterns
CAPEC Content Team	The MITRE Corporation	2020-07-30 +00:00	Updated @Abstraction, @Status, Consequences, Description, Example_Instances, Execution_Flow, Indicators, Likelihood_Of_Attack, Mitigations, Prerequisites, Resources_Required, Skills_Required, Typical_Severity
CAPEC Content Team	The MITRE Corporation	2022-02-22 +00:00	Updated Description, Extended_Description
CAPEC Content Team	The MITRE Corporation	2022-09-29 +00:00	Updated Taxonomy_Mappings