CAPEC-521: Hardware Design Specifications Are Altered
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An attacker with access to a manufacturer's hardware manufacturing process documentation alters the design specifications, which introduces flaws advantageous to the attacker once the system is deployed.
前提条件
- Advanced knowledge of hardware capabilities of a manufacturer's product.
- Access to the manufacturer's documentation.
所需技能
缓解措施
Digitize documents and cryptographically sign them to verify authenticity.
Password protect documents and make them read-only for unauthorized users.
Avoid emailing important documents and configurations.
Ensure deleted files are actually deleted.
Maintain backups of the document for recovery and verification.
Separate need-to-know information from system configuration information depending on the user.
示例实例
To operate at full capability, a manufacturer's network intrusion detection device needs to have either a Intel Xeon E7-2820 or AMD FX-8350 which have 8 "cores" available, allowing for advanced threading needed to handle large volumes of network traffic without resorting to dropping packets from the detection process. The attacker alters the documentation to state that the system design must use the Intel Core Duo or the AMD Phenom II X2, which only have 2 cores, causing the system to drop large amounts of packets during deployment at a victim site with large amounts of network traffic.