Standardseverity: MediumDraft

CAPEC-651Eavesdropping

Abstraction
Standard
Status
Draft
Severity
Medium

Description

An adversary intercepts a form of communication (e.g. text, audio, video) by way of software (e.g., microphone and audio recording application), hardware (e.g., recording equipment), or physical means (e.g., physical proximity). The goal of eavesdropping is typically to gain unauthorized access to sensitive information about the target for financial, personal, political, or other gains. Eavesdropping is different from a sniffing attack as it does not take place on a network-based communication channel (e.g., IP traffic). Instead, it entails listening in on the raw audio source of a conversation between two or more parties.

Related weaknesses· 1

CWE-200

MITRE ATT&CK crosswalk· 1

T1111: Multi-Factor Authentication Interception

Related attack patterns· 1

CAPEC-117 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessExposure of Sensitive Information to an Unauthorized Actorcwe-200100%live

Related to1

TypeTargetConfidenceTier
TechniqueMulti-Factor Authentication Interceptiont1111100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Sniffing Attacks
CAPEC
Sniffing Network Traffic
CAPEC
Interception
CAPEC
Probe Audio and Video Peripherals
CAPEC
Eavesdropping on a Monitor
CAPEC
Cellular Traffic Intercept
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.