TID-224: Excessive Access via Software Diagnostic Features
Threat Description
If a device has debugging capabilities (e.g., diagnostic tools, debug logs, etc.) that are not authenticated or can be reached in unintended ways, a threat actor may be able to attach to these debug interfaces. Debuggers frequently run with privileged access, so reaching one gives the threat actor increased control over the device.
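As an added example (not part of this catalog entry), the check below audits a device's `getprop` output for settings that indicate an exposed debug interface, the ADB shell path that ATT&CK T1623 describes being one of them. The Android property names are real; the sample output is constructed, and which values count as risky is this example's own assumption.

```python
import re

# Android system properties (as printed by `getprop`) that reveal whether a
# device exposes debug/diagnostic capabilities. The property names are real
# Android properties; the risky values are this example's own assumptions
# about what a hardened production device should not report.
RISKY_VALUES = {
    "ro.debuggable": ({"1"}, "userland debugging enabled"),
    "ro.secure": ({"0"}, "security checks disabled, adbd may run as root"),
    "ro.build.type": ({"userdebug", "eng"}, "non-production build type"),
    "service.adb.root": ({"1"}, "adbd running as root"),
}

GETPROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<value>[^\]]*)\]$")


def parse_getprop(output: str) -> dict[str, str]:
    """Parse `getprop` output, one "[key]: [value]" pair per line.
    Lines that do not match the format (banners, blanks) are ignored."""
    props = {}
    for line in output.splitlines():
        m = GETPROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def audit_debug_exposure(output: str) -> list[str]:
    """Return one finding per property whose value indicates an exposed
    debug feature. An empty list means no risky setting was observed."""
    props = parse_getprop(output)
    findings = []
    for key, (bad_values, reason) in RISKY_VALUES.items():
        value = props.get(key)
        if value is not None and value in bad_values:
            findings.append(f"{key}={value}: {reason}")
    # A USB configuration advertising the adb function means the ADB shell
    # is reachable from anything plugged into the device.
    usb = props.get("persist.sys.usb.config", "")
    if "adb" in usb.split(","):
        findings.append(f"persist.sys.usb.config={usb}: ADB exposed over USB")
    return findings


# Constructed sample: a userdebug build with ADB enabled, as an unhardened
# device might report it. Not captured from any real device.
SAMPLE_GETPROP = """\
[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
[ro.secure]: [0]
[service.adb.root]: [1]
[persist.sys.usb.config]: [mtp,adb]
[ro.product.model]: [example-device]
"""

if __name__ == "__main__":
    for finding in audit_debug_exposure(SAMPLE_GETPROP):
        print("FINDING:", finding)
```

Run it against `adb shell getprop` output captured from a device under review; a production device should produce no findings.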
Threat Maturity and Evidence
Observed Adversarial Technique
- ATT&CK T1623 Command and Scripting Interpreter
“Most systems come with some built-in command-line interface and scripting capabilities, for example, Android is a UNIX-like OS and includes a basic Unix Shell that can be accessed via the Android Debug Bridge (ADB)”
Proof of Concept
- Hacking an ATM Is Shockingly Easy
“You could just reboot the machine into a debugging or safe mode, which often led to the jackpot. ‘Setting a different boot mode was possible on 88 percent of ATMs,’ the report said. ‘In 42 percent of cases, the testers could develop this attack further and eventually withdraw cash.’”
CWE
- CWE-1295: Debug Messages Revealing Unnecessary Information
“The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.”
CVE
- None referenced