CAPEC-682 Exploitation of Firmware or ROM Code with Unpatchable Vulnerabilities

CAPEC ID: 682

CAPEC-682 Metadata

Likelihood of Attack

Medium

Typical Severity

High

Overview

Summary

An adversary may exploit vulnerable code (i.e., firmware or ROM) that is unpatchable. Unpatchable devices exist because manufacturers, intentionally or inadvertently, design devices that are incapable of updating their software. Additionally, even with updatable devices, the manufacturer may decide to stop supporting the device and cease issuing updates for its software.

Prerequisites

Awareness of the hardware being leveraged. Access to the hardware being leveraged, either physically or remotely.

Execution Flow

Step 1 (Explore): Determine vulnerable firmware or ROM code
  An adversary will attempt to find device models that are known to have unpatchable firmware or ROM code, or are deemed "end-of-support" where a patch will not be made. The adversary looks for vulnerabilities in firmware or ROM code for the identified devices, or looks for devices which have known vulnerabilities.
  Techniques:
    • Many botnets use wireless scanning to discover nearby devices that might have default credentials or commonly used passwords. Once these devices are infected, they can search for other nearby devices and so on.

Step 2 (Experiment): Determine plan of attack
  An adversary identifies a specific device/model that they wish to attack. They will also investigate similar devices to determine if the vulnerable firmware or ROM code is also present.

Step 3 (Exploit): Carry out attack
  An adversary exploits the vulnerable firmware or ROM code on the identified device(s) to achieve their desired goal.
  Techniques:
    • Install malware on a device to recruit it for a botnet.
    • Install malware on the device and use it for a ransomware attack.
    • Gain root access and steal information stored on the device.
    • Manipulate the device to behave in unexpected ways which would benefit the adversary.

Potential Solutions / Mitigations

Design systems and products with the ability to patch firmware or ROM code after deployment, so that vulnerabilities found later can be fixed. Make use of OTA (over-the-air) updates so that firmware can be patched remotely, either manually or automatically.
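The mitigation above only helps if the update path itself cannot be abused to load older or altered firmware. The following is an added example, not code from the CAPEC entry, of a minimal device-side OTA update gate: it accepts an image only if the manifest is authentic, the image matches the manifest, and the version is newer than the installed one (anti-rollback). The shared HMAC key, manifest field names and image bytes are constructed assumptions for the demo.

```python
"""Added example (not part of the CAPEC entry): a minimal OTA update gate for a
patchable device. Keys, manifest layout and the sample image are assumptions."""
import hashlib
import hmac
import json

# Constructed device-side secret; a real device keeps this in protected storage.
DEVICE_UPDATE_KEY = b"constructed-shared-secret-for-demo"


class UpdateRejected(Exception):
    """Raised when an update fails one of the gate checks."""


def sign_manifest(manifest: dict, key: bytes) -> bytes:
    """Vendor side: HMAC-SHA256 over the canonical JSON form of the manifest."""
    payload = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).digest()


def build_update(image: bytes, version: int, key: bytes = DEVICE_UPDATE_KEY):
    """Vendor side: produce (manifest, signature) describing an image."""
    manifest = {"version": version, "sha256": hashlib.sha256(image).hexdigest()}
    return manifest, sign_manifest(manifest, key)


def validate_update(manifest: dict, signature: bytes, image: bytes,
                    installed_version: int, key: bytes = DEVICE_UPDATE_KEY) -> int:
    """Device side: return the new version if the update may be applied,
    otherwise raise UpdateRejected. Order matters: authenticate first."""
    # 1. Authenticity: the manifest must carry a valid MAC under the vendor key.
    expected = sign_manifest(manifest, key)
    if not hmac.compare_digest(expected, signature):
        raise UpdateRejected("manifest signature invalid")
    # 2. Integrity: the delivered image must be the one the manifest describes.
    if hashlib.sha256(image).hexdigest() != manifest.get("sha256"):
        raise UpdateRejected("image digest does not match manifest")
    # 3. Anti-rollback: never install a build older than (or equal to) the current one.
    new_version = int(manifest.get("version", -1))
    if new_version <= installed_version:
        raise UpdateRejected(f"version {new_version} is not newer than {installed_version}")
    return new_version


if __name__ == "__main__":
    image = b"constructed firmware image v2"  # constructed sample image
    manifest, sig = build_update(image, version=2)
    print(validate_update(manifest, sig, image, installed_version=1))  # 2
```

A production design would replace the shared HMAC key with a public-key signature so the device never holds a secret that could sign updates, but the three checks stay the same.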

Related Weaknesses (CWE)

CWE ID Description
CWE-1277 Firmware Not Updateable
CWE-1310 Missing Ability to Patch ROM Code

Related CAPECs

CAPEC ID Description
CAPEC-212 An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data.
