CAPEC-682

Exploitation of Firmware or ROM Code with Unpatchable Vulnerabilities
Likelihood of Attack: Medium
Typical Severity: High
Status: Draft
2022-09-29 00:00 +00:00


Description

An adversary may exploit vulnerable code (i.e., firmware or ROM) that cannot be patched. Unpatchable devices exist because manufacturers intentionally or inadvertently design devices that are incapable of updating their software. Even for updatable devices, the manufacturer may decide to end support and stop releasing updates, which leaves any later vulnerability permanently exploitable on every deployed unit.


Execution Flow

1) Explore

[Determine vulnerable firmware or ROM code] An adversary will attempt to find device models that are known to have unpatchable firmware or ROM code, or that are deemed "end-of-support" so that no patch will be made. The adversary then looks for vulnerabilities in the firmware or ROM code of the identified devices, or looks for devices with already known vulnerabilities.

Technique
  • Many botnets use network or wireless scanning to discover nearby devices that run known-vulnerable firmware or that still have default credentials or commonly used passwords. Once these devices are infected, they can in turn scan for other nearby devices, and so on.

2) Experiment

[Determine plan of attack] An adversary identifies a specific device/model that they wish to attack. They will also investigate similar devices (for example, other models sharing the same SoC or firmware base) to determine whether the vulnerable firmware or ROM code is also present there.

3) Exploit

[Carry out attack] An adversary exploits the vulnerable firmware or ROM code on the identified device(s) to achieve their desired goal.

Technique
  • Install malware on a device to recruit it for a botnet.
  • Install malware on the device and use it for a ransomware attack.
  • Gain root access and steal information stored on the device.
  • Manipulate the device to behave in unexpected ways which would benefit the adversary.

Prerequisites

Awareness of the hardware being leveraged.
Access to the hardware being leveraged, either physically or remotely.

Skills Required

Knowledge of various network and wireless protocols to enable remote access to vulnerable devices.
Ability to identify physical entry points such as debug interfaces (e.g., UART or JTAG) if the device is not being accessed remotely.

Mitigations

Design systems and products with the ability to patch firmware or ROM code after deployment to fix vulnerabilities.
Make use of OTA (Over-the-air) updates so that firmware can be patched remotely, either through manual or automatic means. The update path must itself be protected: accept only images signed by the vendor's release key and reject downgrades to older versions, otherwise the update channel becomes a second way to load vulnerable code onto the device.
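The following is an added example (not code from CAPEC or from any vendor referenced on this page) of the verification a device should perform on an OTA update before flashing it. It shows the three checks the mitigation above relies on: an Ed25519 signature over a manifest, an anti-rollback version check, and a digest check binding the manifest to the image. The package layout (4-byte version, 32-byte SHA-256, 64-byte signature, then the image) and the function names are assumptions of this example, chosen for illustration; the sample image bytes in main are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is the signed part of the update package. Layout is an
// assumption of this example: version (uint32, big endian) || sha256(image).
type Manifest struct {
	Version uint32
	Digest  [32]byte
}

func (m Manifest) bytes() []byte {
	b := make([]byte, 4+32)
	binary.BigEndian.PutUint32(b, m.Version)
	copy(b[4:], m.Digest[:])
	return b
}

// BuildUpdate is the vendor side: hash the image, bind it to a version,
// sign the manifest with the (offline) release key, and emit
// manifest || signature || image.
func BuildUpdate(priv ed25519.PrivateKey, version uint32, image []byte) []byte {
	m := Manifest{Version: version, Digest: sha256.Sum256(image)}
	var out bytes.Buffer
	out.Write(m.bytes())
	out.Write(ed25519.Sign(priv, m.bytes()))
	out.Write(image)
	return out.Bytes()
}

// Device holds the state that must survive reboots: the vendor public key
// provisioned at manufacture and the version currently installed.
type Device struct {
	VendorPub      ed25519.PublicKey
	CurrentVersion uint32
}

var (
	ErrMalformed = errors.New("update: truncated package")
	ErrSignature = errors.New("update: bad signature, refusing to flash")
	ErrRollback  = errors.New("update: version not newer than installed")
	ErrDigest    = errors.New("update: image digest mismatch")
)

// Apply verifies a package and returns the image to flash only if every
// check passes; on success the installed version is advanced.
func (d *Device) Apply(pkg []byte) ([]byte, error) {
	const hdr = 4 + 32 + ed25519.SignatureSize
	if len(pkg) < hdr {
		return nil, ErrMalformed
	}
	var m Manifest
	m.Version = binary.BigEndian.Uint32(pkg[:4])
	copy(m.Digest[:], pkg[4:36])
	sig := pkg[36:hdr]
	image := pkg[hdr:]

	// 1. Authenticity: nothing in the manifest is trusted until the
	//    vendor signature verifies.
	if !ed25519.Verify(d.VendorPub, m.bytes(), sig) {
		return nil, ErrSignature
	}
	// 2. Anti-rollback: a validly signed but older image would
	//    reintroduce the vulnerability the update is meant to remove.
	if m.Version <= d.CurrentVersion {
		return nil, ErrRollback
	}
	// 3. Integrity: the signature covers the digest, so the image must
	//    hash to exactly that value.
	if sha256.Sum256(image) != m.Digest {
		return nil, ErrDigest
	}
	d.CurrentVersion = m.Version
	return image, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	dev := &Device{VendorPub: pub, CurrentVersion: 3}
	img := []byte("constructed firmware image v4") // constructed sample
	if _, err := dev.Apply(BuildUpdate(priv, 4, img)); err != nil {
		fmt.Println("unexpected:", err)
	}
	fmt.Println("installed version:", dev.CurrentVersion)
	_, err := dev.Apply(BuildUpdate(priv, 4, img)) // same version again
	fmt.Println("replay of v4:", err)
}
```

The order of the checks matters: the signature is verified before the version or digest is read as data, so an attacker without the release key cannot even reach the rollback or digest logic with attacker-chosen values. Note what this example does not solve: a device whose bootloader or mask ROM has no such update hook (CWE-1310) cannot be retrofitted with it, which is precisely why the design decision has to be made before manufacture.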

Related Weaknesses

CWE-1277 Firmware Not Updateable
  The product does not provide its users with the ability to update or patch its firmware to address any vulnerabilities or weaknesses that may be present.
CWE-1310 Missing Ability to Patch ROM Code
  Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state.

References

REF-723  Alex Scroxton. "Alarm bells ring, the IoT is listening". https://www.computerweekly.com/news/252475324/Alarm-bells-ring-the-IoT-is-listening

REF-724  Matthew Hughes. "Bad news: KeyWe Smart Lock is easily bypassed and can't be fixed". https://www.theregister.com/2019/12/11/f_secure_keywe/

REF-725  Brian Krebs. "Zyxel Flaw Powers New Mirai IoT Botnet Strain". https://krebsonsecurity.com/2020/03/zxyel-flaw-powers-new-mirai-iot-botnet-strain/

REF-726  Colin Schulz, Stefan Raff, Sebastian Kortmann, Nikolaus Obwegeser. "Digital Age Organizations: Uncovering Over-the-Air Updates in the Smart Product Realm". https://www.researchgate.net/publication/356065917_Digital_Age_Organizations_Uncovering_Over-the-Air_Updates_in_the_Smart_Product_Realm

Submission

Name: CAPEC Content Team
Date: 2022-09-29 +00:00