CAPEC-611

Detailed Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Draft MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Low Severity: Medium
BitSquatting

Description

An adversary registers a domain name one bit different than a trusted domain. A BitSquatting attack leverages random errors in memory to direct Internet traffic to adversary-controlled destinations. BitSquatting requires no exploitation or complicated reverse engineering, and is operating system and architecture agnostic. Experimental observations show that BitSquatting popular websites could redirect non-trivial amounts of Internet traffic to a malicious entity.

Prerequisites

An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets.

Mitigations

Authenticate all servers and perform redundant checks when using DNS hostnames.

When possible, use error-correcting (ECC) memory in local devices as non-ECC memory is significantly more vulnerable to faults.

Skills Required

[Low] Adversaries must be able to register DNS hostnames/URL’s.