CAPEC-634: Probe Audio and Video Peripherals

Description
The adversary exploits the target system's audio and video functionalities through malware or scheduled tasks. The goal is to capture sensitive information about the target for financial, personal, political, or other gains. This is accomplished by collecting communication data between two parties via peripheral devices (e.g. microphones and webcams) or applications with audio and video capabilities (e.g. Skype) on a system.

Likelihood Of Attack
Typical Severity

Prerequisites
Knowledge of the target device's or application's vulnerabilities that can be capitalized on with malicious code. The adversary must be able to place the malicious code on the target device.

Skills Required
[Level: High] To deploy a hidden process or malware on the system to automatically collect audio and video data.

Consequences
This table specifies different individual consequences associated with the attack pattern. The Scope identifies the security property that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in their attack. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a pattern will be used to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.

| Scope | Impact | Likelihood |
|---|---|---|
| Confidentiality | Read Data | |

Mitigations
Prevent unknown code from executing on a system through the use of an allowlist policy.

Patch installed applications as soon as new updates become available.

Example Instances
An adversary can capture audio and video, and transmit the recordings to a C2 server or a similar capability.

An adversary can capture and record from audio peripherals in a vehicle via a Car Whisperer attack. If an adversary is within close proximity to a vehicle with Bluetooth capabilities, they may attempt to connect to the hands-free system when it is in pairing mode. With successful authentication, if an authentication system is present at all, an adversary may be able to play music/voice recordings, as well as begin a recording and capture conversations happening inside the vehicle. Successful authentication relies on the pairing security key being set to a default value, or on brute force (which may be less practical in an outside environment). Depending on the sensitivity of the information being discussed, this scenario can be extremely compromising.

An adversary may also use a technique called Bluebugging, which is similar to Bluesnarfing but requires the adversary to be between 10 and 15 meters from the target device. Bluebugging creates a backdoor for an attacker to listen to and record phone calls, forward calls, send SMS and retrieve the phonebook.

Taxonomy Mappings
CAPEC mappings to ATT&CK techniques leverage an inheritance model to streamline and minimize direct CAPEC/ATT&CK mappings. Inheritance of a mapping is indicated by text stating that the parent CAPEC has relevant ATT&CK mappings. Note that the ATT&CK Enterprise Framework does not use an inheritance model as part of the mapping to CAPEC.

| Entry ID | Entry Name |
|---|---|
| 1123 | Audio Capture |
| 1125 | Video Capture |

References

Content History

Submissions

| Submission Date | Submitter | Organization |
|---|---|---|
| 2018-07-31 (Version 2.12) | CAPEC Content Team | The MITRE Corporation |

Modifications

| Modification Date | Modifier | Organization |
|---|---|---|
| 2020-07-30 (Version 3.3) | CAPEC Content Team | The MITRE Corporation |
| Updated Mitigations, Related_Attack_Patterns | | |
| 2021-06-24 (Version 3.5) | CAPEC Content Team | The MITRE Corporation |
| Updated Example_Instances, References | | |