CAPEC-634

Probe Audio and Video Peripherals
Bas
Haute
Stable
2018-07-31
00h00 +00:00
2021-06-24
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Gestion des notifications

Descriptions du CAPEC

The adversary exploits the target system's audio and video functionalities through malware or scheduled tasks. The goal is to capture sensitive information about the target for financial, personal, political, or other gains which is accomplished by collecting communication data between two parties via the use of peripheral devices (e.g. microphones and webcams) or applications with audio and video capabilities (e.g. Skype) on a system.

Informations du CAPEC

Conditions préalables

Knowledge of the target device's or application’s vulnerabilities that can be capitalized on with malicious code. The adversary must be able to place the malicious code on the target device.

Compétences requises

To deploy a hidden process or malware on the system to automatically collect audio and video data.

Atténuations

Prevent unknown code from executing on a system through the use of an allowlist policy.
Patch installed applications as soon as new updates become available.

Faiblesses connexes

CWE-ID Nom de la faiblesse

CWE-267

 Privilege Defined With Unsafe Actions
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

Références

REF-653

What is Car Whisperer?
Amrita Mitra.
https://www.thesecuritybuddy.com/bluetooth-security/what-is-car-whisperer/

REF-654

What is Bluesnarfing?
https://www.finjanmobile.com/what-is-bluesnarfing/

Soumission

Nom Organisation Date Date de publication
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00

Modifications

Nom Organisation Date Commentaire
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Mitigations, Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Example_Instances, References
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.