| Name |
Flash Memory Attacks |
|
| Likelyhood of attack |
Typical severity |
| Low |
High |
|
| Summary |
An adversary inserts malicious logic into a product or technology via flashing the on-board memory with a code-base that contains malicious logic. Various attacks exist against the integrity of flash memory, the most direct being rootkits coded into the BIOS or chipset of a device. |
| Prerequisites |
|
| Solutions | |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-1282 |
Assumed-Immutable Data is Stored in Writable Memory |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-456 |
An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain. |
|