CAPEC-682: Exploitation of Firmware or ROM Code with Unpatchable Vulnerabilities
CAPEC version: 3.9
Last updated: 2023-01-24
Attack pattern description
An adversary may exploit vulnerable code (i.e., firmware or ROM) that is unpatchable. Unpatchable devices exist due to manufacturers intentionally or inadvertently designing devices incapable of updating their software. Additionally, with updatable devices, the manufacturer may decide not to support the device and stop making updates to their software.
Extended description
When a vulnerability is found in a device that has no means of patching, the attack may be used against an entire class of devices. Devices from the same manufacturer often use similar or identical firmware, which could lead to widespread attacks. Devices of this nature are prime targets for botnet attacks. Consumer devices are frequently targeted for this attack due to the complexities of updating firmware once manufacturers no longer have physical access to a device. When exploiting a found vulnerability, adversaries often try to gain root access on a device. This allows them to use the device for any malicious purpose. Some example exploits are stealing device data, using the device for a ransomware attack, or recruiting the device for a botnet.
Execution flow
Step 1: Explore
[Determine vulnerable firmware or ROM code] An adversary will attempt to find device models that are known to have unpatchable firmware or ROM code, or are deemed “end-of-support” where a patch will not be made. The adversary looks for vulnerabilities in firmware or ROM code for the identified devices, or looks for devices which have known vulnerabilities.
- Many botnets use wireless scanning to discover nearby devices that might have default credentials or commonly used passwords. Once these devices are infected, they can search for other nearby devices and so on.
Step 2: Experiment
[Determine plan of attack] An adversary identifies a specific device/model that they wish to attack. They will also investigate similar devices to determine if the vulnerable firmware or ROM code is also present.
Step 3: Exploit
[Carry out attack] An adversary exploits the vulnerable firmware or ROM code on the identified device(s) to achieve their desired goal.
- Install malware on a device to recruit it for a botnet.
- Install malware on the device and use it for a ransomware attack.
- Gain root access and steal information stored on the device.
- Manipulate the device to behave in unexpected ways which would benefit the adversary.
Prerequisites
- Awareness of the hardware being leveraged.
- Access to the hardware being leveraged, either physically or remotely.
Skills required
Consequences
Scope: Integrity
Technical impact: Modify Data
Scope: Confidentiality
Technical impact: Read Data
Scope: Access Control / Authorization
Technical impact: Gain Privileges
Mitigations
Design systems and products with the ability to patch firmware or ROM code after deployment to fix vulnerabilities.
Make use of OTA (over-the-air) updates so that firmware can be patched remotely, either through manual or automatic means.
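As an added defender-side illustration of the OTA mitigation above (example code, not part of the CAPEC entry), the following Python sketch shows the checks an update path should make before applying a firmware image: manifest signature, image digest, and anti-rollback, so that the update channel itself does not become the unpatchable bug. It uses an HMAC with a shared key as a stand-in for the asymmetric signature a real device would verify against a key held in ROM; the key, the model name and the image bytes are constructed assumptions.

```python
import hashlib
import hmac
import json

# Shared verification key: a stand-in (assumption) for the public key that a
# real device would hold in ROM/OTP and use for asymmetric signature checks.
VERIFY_KEY = b"example-update-signing-key"


def sign_manifest(manifest: dict, key: bytes) -> bytes:
    """Return a signed update package: canonical JSON manifest plus an HMAC tag."""
    body = json.dumps(manifest, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body + b"\n" + tag.encode()


def verify_update(blob: bytes, image: bytes, installed_version: int,
                  key: bytes = VERIFY_KEY):
    """Decide whether an OTA package may be applied; returns (accepted, reason).

    Checks run in order: manifest authenticity, image digest against the
    manifest, then anti-rollback (the version must strictly increase).
    """
    try:
        body, tag = blob.rsplit(b"\n", 1)
    except ValueError:
        return False, "malformed package"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False, "bad manifest signature"
    manifest = json.loads(body)
    if hashlib.sha256(image).hexdigest() != manifest["sha256"]:
        return False, "image digest mismatch"
    if manifest["version"] <= installed_version:
        return False, "rollback to version %d refused" % manifest["version"]
    return True, "ok"


# Constructed sample package for a hypothetical device model.
FIRMWARE_V2 = b"\x7fELF" + b"firmware image v2 (constructed)"
PACKAGE_V2 = sign_manifest(
    {"model": "example-cam-100", "version": 2,
     "sha256": hashlib.sha256(FIRMWARE_V2).hexdigest()},
    VERIFY_KEY,
)

if __name__ == "__main__":
    print(verify_update(PACKAGE_V2, FIRMWARE_V2, installed_version=1))
```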