Home > CAPEC List > CAPEC-448: Malware Infection into Product Software (Version 2.11)  

CAPEC-448: Malware Infection into Product Software

 
Malware Infection into Product Software
Definition in a New Window Definition in a New Window
Attack Pattern ID: 448
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker tampers with the code of a product and injects malicious logic into the device in order to infect any machine which interfaces with the product, and possibly steal private data or eavesdrop. With the proliferation of mass digital storage and inexpensive multimedia devices, Bluetooth and 802.11 support, new attack vectors for spreading malware are emerging for things we once thought of as innocuous greeting cards, picture frames, or digital projectors becomes important vectors of attack.

+ Attack Prerequisites
+ References
[R.448.1] [REF-31] Information Technology Laboratory. "Supply Chain Risk Management (SCRM)". National Institute of Standards and Technology (NIST). 2010.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017