{
"id": "bundle--a48ef11c-e5a4-47c1-a10f-ec909efbc56b",
"objects": [
{
"created": "2022-09-29T00:00:00.000Z",
"created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd",
"description": "An adversary may exploit vulnerable code (i.e., firmware or ROM) that is unpatchable. Unpatchable devices exist due to manufacturers intentionally or inadvertently designing devices incapable of updating their software. Additionally, with updatable devices, the manufacturer may decide not to support the device and stop making updates to their software.",
"external_references": [
{
"external_id": "CAPEC-682",
"source_name": "capec",
"url": "https://capec.mitre.org/data/definitions/682.html"
},
{
"external_id": "CWE-1277",
"source_name": "cwe",
"url": "http://cwe.mitre.org/data/definitions/1277.html"
},
{
"external_id": "CWE-1310",
"source_name": "cwe",
"url": "http://cwe.mitre.org/data/definitions/1310.html"
},
{
"description": "Alex Scroxton, Alarm bells ring, the IoT is listening, 2019--12---13, TechTarget",
"external_id": "REF-723",
"source_name": "reference_from_CAPEC",
"url": "https://www.computerweekly.com/news/252475324/Alarm-bells-ring-the-IoT-is-listening"
},
{
"description": "Matthew Hughes, Bad news: KeyWe Smart Lock is easily bypassed and can't be fixed, 2019--12---11, Situation Publishing",
"external_id": "REF-724",
"source_name": "reference_from_CAPEC",
"url": "https://www.theregister.com/2019/12/11/f_secure_keywe/"
},
{
"description": "Brian Krebs, Zyxel Flaw Powers New Mirai IoT Botnet Strain, 2020--03---20, Krebs on Security",
"external_id": "REF-725",
"source_name": "reference_from_CAPEC",
"url": "https://krebsonsecurity.com/2020/03/zxyel-flaw-powers-new-mirai-iot-botnet-strain/"
},
{
"description": "Colin Schulz, Stefan Raff, Sebastian Kortmann, Nikolaus Obwegeser, Digital Age Organizations: Uncovering Over-the-Air Updates in the Smart Product Realm, 2021--12, International Conference on Information Systems (ICIS) 2021",
"external_id": "REF-726",
"source_name": "reference_from_CAPEC",
"url": "https://www.researchgate.net/publication/356065917_Digital_Age_Organizations_Uncovering_Over-the-Air_Updates_in_the_Smart_Product_Realm"
}
],
"id": "attack-pattern--01a08342-5c58-4f61-b8e1-997e444b3a59",
"modified": "2022-09-29T00:00:00.000Z",
"name": "Exploitation of Firmware or ROM Code with Unpatchable Vulnerabilities",
"object_marking_refs": [
"marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"
],
"type": "attack-pattern",
"x_capec_abstraction": "Standard",
"x_capec_child_of_refs": [
"attack-pattern--c727c058-2c9d-4021-a1ec-81dd030dea59"
],
"x_capec_consequences": {
"Access_Control": [
"Gain Privileges"
],
"Authorization": [
"Gain Privileges"
],
"Confidentiality": [
"Read Data"
],
"Integrity": [
"Modify Data"
]
},
"x_capec_domains": [
"Software",
"Hardware"
],
"x_capec_example_instances": [
"\n
Determine vulnerable firmware or ROM code: An adversary will attempt to find device models that are known to have unpatchable firmware or ROM code, or are deemed “end-of-support” where a patch will not be made. The adversary looks for vulnerabilities in firmware or ROM code for the identified devices, or looks for devices which have known vulnerabilities
Techniques |
---|
Many botnets use wireless scanning to discover nearby devices that might have default credentials or commonly used passwords. Once these devices are infected, they can search for other nearby devices and so on. |
Determine plan of attack: An adversary identifies a specific device/model that they wish to attack. They will also investigate similar devices to determine if the vulnerable firmware or ROM code is also present.
Carry out attack: An adversary exploits the vulnerable firmware or ROM code on the identified device(s) to achieve their desired goal.
Techniques |
---|
Install malware on a device to recruit it for a botnet. |
Install malware on the device and use it for a ransomware attack. |
Gain root access and steal information stored on the device. |
Manipulate the device to behave in unexpected ways which would benefit the adversary. |