Home > CAPEC List > CAPEC-473: Signature Spoof (Version 2.9)  

CAPEC-473: Signature Spoof

 
Signature Spoof
Definition in a New Window Definition in a New Window
Attack Pattern ID: 473
Abstraction: Standard
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.

+ Attack Prerequisites
  • The victim or victim system is dependent upon a cryptographic signature-based verification system for validation of one or more security events or actions.

  • The validation can be bypassed via an attacker-provided signature that makes it appear that the legitimate authoritative or reputable source provided the signature.

+ Methods of Attack
  • Protocol Manipulation
  • Analysis
  • API Abuse
  • Brute Force
  • Spoofing
+ Examples-Instances

Description

An attacker provides a victim with a malicious executable disguised as a legitimate executable from an established software by signing the executable with a forged cryptographic key. The victim's operating system attempts to verify the executable by checking the signature, the signature is considered valid, and the attackers' malicious executable runs.

Description

An attacker exploits weaknesses in a cryptographic algorithm to that allow a private key for a legitimate software vendor to be reconstructed, attacker-created malicious software is cryptographically signed with the reconstructed key, and is installed by the victim operating system disguised as a legitimate software update from the software vendor.

+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: High

Technical understanding of how signature verification algorithms work with data and applications

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Access_Control
Authentication
Gain privileges / assume identity
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 07, 2015