CAPEC-447: Design Alteration

Description
An adversary modifies the design of a technology, product, or component to acheive a negative impact once the system is deployed. In this type of attack, the goal of the adversary is to modify the design of the system, prior to development starting, in such a way that the negative impact can be leveraged when the system is later deployed. Design alteration attacks differ from development alteration attacks in that design alteration attacks take place prior to development and which then may or may not be developed by the adverary. Design alteration attacks include modifying system designs to degrade system performance, cause unexpected states or errors, and general design changes that may lead to additional vulnerabilities. These attacks generally require insider access to modify design documents, but they may also be spoofed via web communications. The product is then developed and delivered to the user where the negative impact can be leveraged at a later time.
Extended Description

The result is a window of opportunity for exploiting the product until the insecure component is discovered. This supply chain threat can result in the installation of malicious software or hardware that introduces widespread security vulnerabilities within an organization. Additionally, because software often depends upon a large number of interdependent libraries and components to be present, security holes can be introduced merely by installing Commercial off the Shelf (COTS) or Open Source Software (OSS) software that comes pre-packaged with the components required for it to operate. It is also worth noting that this attack can occur during initial product development or throughout a product's sustainment.

Severity :

High

Possibility :

Medium

Type :

Standard
Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-438: Modification During Manufacture Modification During Manufacture CAPEC-517: Documentation Alteration to Circumvent Dial-down Documentation Alteration to Circumvent Dial-down CAPEC-518: Documentation Alteration to Produce Under-performing Systems Documentation Alteration to Produce Under-performing Systems CAPEC-519: Documentation Alteration to Cause Errors in System Design Documentation Alteration to Cause Errors in System Design CAPEC-521: Hardware Design Specifications Are Altered Hardware Design Specifications Are Altered CAPEC-671: Requirements for ASIC Functionality Maliciously Altered Requirements for ASIC Functionality Maliciously Altered CAPEC-674: Design for FPGA Maliciously Altered Design for FPGA Maliciously Altered
Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Access to system design documentation prior to the development phase. This access is often obtained via insider access or by leveraging another attack pattern to gain permissions that the adversary wouldn't normally have.
  • Ability to forge web communications to deliver modified design documentation.
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

Visit http://capec.mitre.org/ for more details.