An adversary may exploit vulnerable code (i.e., firmware or ROM) that is unpatchable. Unpatchable devices exist due to manufacturers intentionally or inadvertently designing devices incapable of updating their software. Additionally, with updatable devices, the manufacturer may decide not to support the device and stop making updates to their software.
Description
Attack Execution Flow
3
1
Step 1
Explore[Determine vulnerable firmware or ROM code] An adversary will attempt to find device models that are known to have unpatchable firmware or ROM code, or are deemed âend-of-supportâ where a patch will not be made. The adversary looks for vulnerabilities in firmware or ROM code for the identified devices, or looks for devices which have known vulnerabilities
Many botnets use wireless scanning to discover nearby devices that might have default credentials or commonly used passwords. Once these devices are infected, they can search for other nearby devices and so on.
AI Translation
[Determina firmware o codice ROM vulnerabile] Un avversario tenterà di individuare modelli di dispositivi noti per avere firmware o codice ROM non aggiornabile, o considerati “end-of-support” dove non verrà rilasciata una patch. L’avversario cerca vulnerabilità nel firmware o nel codice ROM dei dispositivi identificati, oppure individua dispositivi con vulnerabilità note.
Molti botnet utilizzano scansioni wireless per scoprire dispositivi vicini che potrebbero avere credenziali di default o password comunemente usate. Una volta infetti, questi dispositivi possono cercare altri dispositivi nelle vicinanze e così via.
Attack Techniques
-
Many botnets use wireless scanning to discover nearby devices that might have default credentials or commonly used passwords. Once these devices are infected, they can search for other nearby devices and so on.
2
Step 2
Experiment[Determine plan of attack] An adversary identifies a specific device/model that they wish to attack. They will also investigate similar devices to determine if the vulnerable firmware or ROM code is also present.
AI Translation
[Determinare il piano di attacco] Un adversary identifica un dispositivo/modello specifico che desidera attaccare. Inoltre, indagano su dispositivi simili per verificare se sono presenti anche il firmware vulnerabile o il codice ROM.
3
Step 3
Exploit[Carry out attack] An adversary exploits the vulnerable firmware or ROM code on the identified device(s) to achieve their desired goal.
Install malware on a device to recruit it for a botnet.
Install malware on the device and use it for a ransomware attack.
Gain root access and steal information stored on the device.
Manipulate the device to behave in unexpected ways which would benefit the adversary.
AI Translation
[Condurre un attacco] Un adversary sfrutta il firmware vulnerabile o il codice ROM sul/i dispositivo/i identificato/i per raggiungere il proprio obiettivo desiderato.
Installare malware su un dispositivo per reclutarlo in una botnet.
Installare malware sul dispositivo e utilizzarlo per un attacco ransomware.
Ottenere l'accesso root e rubare le informazioni memorizzate sul dispositivo.
Manipolare il dispositivo affinché si comporti in modi inaspettati che avvantaggino l'adversary.
Attack Techniques
-
Gain root access and steal information stored on the device.
-
Install malware on the device and use it for a ransomware attack.IT: Ottenere l'accesso root e rubare le informazioni memorizzate sul dispositivo.
-
Install malware on a device to recruit it for a botnet.IT: Ottenere l'accesso root e rubare le informazioni memorizzate sul dispositivo.
-
Manipulate the device to behave in unexpected ways which would benefit the adversary.IT: Ottenere l'accesso root e rubare le informazioni memorizzate sul dispositivo.
Mitigations
2
Design Systems And Products With The Ability To Patch Firmware Or Rom Code After Deployment To Fix Vulnerabilities.
Make Use Of Ota (Over-The-Air) Updates So That Firmware Can Be Patched Remotely Either Through Manual Or Automatic Means
Consequences
Security Scopes Affected
Access Control
Authorization
Confidentiality
Integrity
Potential Impacts
Gain Privileges
Modify Data
Read Data