StandardDraft

CAPEC-502Intent Spoof

Abstraction
Standard
Status
Draft

Description

An adversary, through a previously installed malicious application, issues an intent directed toward a specific trusted application's component in an attempt to achieve a variety of different objectives including modification of data, information disclosure, and data injection. Components that have been unintentionally exported and made public are subject to this type of an attack. If the component trusts the intent's action without verififcation, then the target application performs the functionality at the adversary's request, helping the adversary achieve the desired negative technical impact.

Related weaknesses· 1

CWE-284

Related attack patterns· 1

CAPEC-148 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessImproper Access Controlcwe-284100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Android Intent Intercept
CAPEC
Android Activity Hijack
CAPEC
Task Impersonation
CAPEC
Action Spoofing
CAPEC
Content Spoofing Via Application API Manipulation
CAPEC
Malicious Automated Software Update via Spoofing
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.