Home > CAPEC List > CAPEC-517: Documentation Alteration to Circumvent Dial-down (Version 2.11)  

CAPEC-517: Documentation Alteration to Circumvent Dial-down

 
Documentation Alteration to Circumvent Dial-down
Definition in a New Window Definition in a New Window
Attack Pattern ID: 517
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker with access to a manufacturer's documentation, which include descriptions of advanced technology and/or specific components' criticality, alters the documents to circumvent dial-down functionality requirements. This alteration would change the interpretation of implementation and manufacturing techniques, allowing for advanced technologies to remain in place even though these technologies might be restricted to certain customers, such as nations on the terrorist watch list, giving the attacker on the receiving end of a shipped product access to an advanced technology that might otherwise be restricted.

+ Attack Prerequisites
  • Advanced knowledge of internal software and hardware components within manufacturer's development environment.

  • Access to the manufacturer's documentation.

+ Typical Severity

High

+ Typical Likelihood of Exploit

Likelihood: Low

The nature of these type of attacks involve a coordinated effort between well-funded multiple attackers, and sometimes require physical access to successfully complete an attack. As a result these types of attacks are not launched on a large scale against any potential victim, but are typically highly targeted against victims who are often targeted and may have rather sophisticated cyber defenses already in place.

+ Examples-Instances

Description

A product for manufacture exists that contains advanced cryptographic capabilities, including algorithms that are restricted from being shipped to some nations. An attacker from one of the restricted nations alters the documentation to ensure that when the product is manufactured for shipment to a restricted nation, the software compilation steps that normally would prevent the advanced cryptographic capabilities from being included are actually included. When the product is shipped to the attacker's home country, the attacker is able to retrieve and/or use the advanced cryptographic capabilities.

+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: High

Ability to read, interpret, and subsequently alter manufacturer's documentation to prevent dial-down capabilities.

Skill or Knowledge Level: High

Ability to stealthly gain access via remote compromise or physical access to the manufacturer's documentation.

+ References
[R.517.1] [REF-50] John F. Miller. "Supply Chain Attack Framework and Attack Patterns". The MITRE Corporation. 2013. <http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf>.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Updated Related_Attack_Patterns, Typical_Likelihood_of_ExploitInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017