CAPEC-682
Description
An adversary may exploit vulnerable code (i.e., firmware or ROM) that is unpatchable. Unpatchable devices exist due to manufacturers intentionally or inadvertently designing devices incapable of updating their software. Additionally, with updatable devices, the manufacturer may decide not to support the device and stop making updates to their software.
Prerequisites
Awareness of the hardware being leveraged.
Access to the hardware being leveraged, either physically or remotely.
Mitigations
Design systems and products with the ability to patch firmware or ROM code after deployment to fix vulnerabilities.
Make use of OTA (Over-the-air) updates so that firmware can be patched remotely either through manual or automatic means
Skills Required
[Medium] Knowledge of various wireless protocols to enable remote access to vulnerable devices
[High] Ability to identify physical entry points such as debug interfaces if the device is not being accessed remotely