CAPEC-440: Hardware Integrity Attack

Description
An adversary exploits a weakness in the system maintenance process and causes a change to be made to a technology, product, component, or sub-component or a new one installed during its deployed use at the victim location for the purpose of carrying out an attack.
Extended Description

The fundamental difference is that embedded messages have a complete semantic quality, rather than mere imagery, and the mind of the target tends to key off of particular dominant patterns. The remaining information, carefully structured, speaks directly to the subconscious with a subtle, indirect, command. The effect is to produce a pattern of thinking that the attacker has predetermined but is buried within the message and not overtly stated. Structuring a human "buffer overflow" requires precise attention to detail and the use of information in a manner that distracts the conscious mind from the message the subconscious is receiving.

Severity :

High

Possibility :

Low

Type :

Meta
Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-401: Physically Hacking Hardware Physically Hacking Hardware CAPEC-534: Malicious Hardware Update Malicious Hardware Update
Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Influence over the deployed system at a victim location.
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

ATTACK | Supply Chain Compromise: Compromise Hardware Supply Chain ATTACK | Hardware Additions
Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

Visit http://capec.mitre.org/ for more details.