{
	"id": "43a8875f-a17f-43eb-8dcc-2139b5eb638d",
	"created_at": "2026-04-06T00:16:17.382752Z",
	"updated_at": "2026-04-10T03:21:51.015688Z",
	"deleted_at": null,
	"sha1_hash": "119e524bd532834454fa084be9cb4c63828074ff",
	"title": "ECO-0 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49870,
	"plain_text": "ECO-0 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 23:41:01 UTC\r\nMobile Threat Catalogue\r\nExploitation of PC Backups\r\nContribute\r\nThreat Category: Mobile OS \u0026 Vendor Infrastructure\r\nID: ECO-0\r\nThreat Description: Mobile device backup data that is stored on a user’s personal computer may be exploited\r\nthrough weak passwords or other access methods. Mobile device data may also be inadvertently stolen when the\r\nmobile device is plugged into a compromised personal computer.\r\nThreat Origin\r\nNot Applicable, See Exploit or CVE Examples\r\nExploit Examples\r\nBackStab: Mobile Backup Data Under Attack from Malware 1\r\niOS 10: Security Weakness Discovered, Backup Passwords Much Easier to Break 2\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nMobile Device User\r\nAs knowledge of the authentication credentials for any associated account (e.g., iTunes, Google) may facilitate an\r\nattacker’s ability to initiate, access, or decrypt device backups, follow best practices for management of device\r\naccount passwords.\r\nTo detect malware that may realize this threat against device backups to a trusted computer, ensure up-to-date anti-malware software is configured to regularly scan for malicious files and application behavior.\r\nTo prevent this threat for backups to a trusted computer, configure any device backup software (e.g., iTunes) to\r\nencrypt all device backups. Furthermore, securely erase any unencrypted backups that may already exist.\r\nhttps://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-0.html\r\nPage 1 of 2\n\nTo prevent a device from being inadvertently backed up to an computer under an attacker’s control, when\r\ncharging the device, do not grant trust to an untrusted computer or charging station.\r\nTo prevent an attacker from directly initiating an unauthorized device backup to a controlled computer, ensure a\r\ndevice unlock code has been configured for the device and that the device is left in a locked state when being left\r\nunattended.\r\nTo further prevent an attacker from directly initiating an unauthorized device backup to a controlled computer, use\r\nstrong physical security measures (e.g., lock the device into a secure container) when leaving a device directly\r\nunattended.\r\nEnterprise\r\nTo detect malware that may realize this threat against device backups to a trusted computer, ensure up-to-date anti-malware software is configured to regularly scan for malicious files and application behavior.\r\nTo prevent this threat for all backups of managed devices, deploy EMM/MDM solutions in combination with\r\ndevices that successfully enforce policies to either encrypt all device backups or to block device backups entirely,\r\nas appropriate.\r\nTo prevent this threat for enterprise data contained in backups of managed devices, deploy EMM/MDM/container\r\nsolutions in combination with devices that successfully enforce policies to either encrypt all enterprise data, or\r\nblock enterprise data from being included in device backups.\r\nReferences\r\n1. C. Xiao, “BackStab: Mobile Backup Data Under Attack from Malware”, paloalto, 7 Dec. 2015;\r\nhttp://researchcenter.paloaltonetworks.com/2015/12/backstab-mobile-backup-data-under-attack-from-malware/ [accessed 8/29/2016] ↩\r\n2. O. Afononin, TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion, Elcomsoft\r\nBlog, 23 Sept 2016; https://blog.elcomsoft.com/2016/09/ios-10-security-weakness-discovered-backup-passwords-much-easier-to-break/ [accessed 12/9/2016] ↩\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-0.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-0.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-0.html"
	],
	"report_names": [
		"ECO-0.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434577,
	"ts_updated_at": 1775791311,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/119e524bd532834454fa084be9cb4c63828074ff.pdf",
		"text": "https://archive.orkl.eu/119e524bd532834454fa084be9cb4c63828074ff.txt",
		"img": "https://archive.orkl.eu/119e524bd532834454fa084be9cb4c63828074ff.jpg"
	}
}