CAPEC-40: Manipulating Writeable Terminal Devices
Description
Extended Description
RFID (Radio Frequency Identification) are passive devices which consist of an integrated circuit for processing RF signals and an antenna. RFID devices are passive in that they lack an on on-board power source. The majority of RFID chips operate on either the 13.56 MHz or 135 KHz frequency. The chip is powered when a signal is received by the antenna on the chip, powering the chip long enough to send a reply message. An attacker is able to capture and analyze RFID data by either stimulating the chip to respond or being proximate to the chip when it sends a response to a remote transmitter. This allows the attacker to duplicate the signal and conduct attacks such as gaining unauthorized access to a building or impersonating a user's identification.
Severity :
Very High
Possibility :
High
Type :
Standard
Relationships with other CAPECs
This table shows the other attack patterns and high level categories that are related to this attack pattern.
Prerequisites
This table shows the other attack patterns and high level categories that are related to this attack pattern.
- User terminals must have a permissive access control such as world writeable that allows normal users to control data on other user's terminals.
Skills required
This table shows the other attack patterns and high level categories that are related to this attack pattern.
- Low Ability to discover permissions on terminal devices. Of course, brute force can also be used.
Taxonomy mappings
Mappings to ATT&CK, OWASP and other frameworks.
Resources required
Access to a terminal on the target network
Related CWE
A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.
Visit http://capec.mitre.org/ for more details.