Home > CAPEC List > CAPEC-206: Lifting signing key and signing malicious code from a production environment (Version 2.10)  

CAPEC-206: Lifting signing key and signing malicious code from a production environment

 
Lifting signing key and signing malicious code from a production environment
Definition in a New Window Definition in a New Window
Attack Pattern ID: 206
Abstraction: Standard
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

The attacker extracts credentials used for code signing from a production environment and uses these credentials to sign malicious content with the developer's key. Many developers use signing keys to sign code or hashes of code. When users or applications verify the signatures are accurate they are led to believe that the code came from the owner of the signing key and that the code has not been modified since the signature was applied. If the attacker has extracted the signing credentials then they can use those credentials to sign their own code bundles. Users or tools that verify the signatures attached to the code will likely assume the code came from the legitimate developer and install or run the code, effectively allowing the attacker to execute arbitrary code on the victim's computer.

+ Attack Prerequisites
  • The targeted developer must use a signing key to sign code bundles. (Note that not doing this is not a defense - it only means that the attacker does not need to steal the signing key before forging code bundles in the developer's name.)

+ Typical Severity

Very High

+ Resources Required

No special resources are required for this attack.

+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017