Software tampering 

Software tampering involves making modifications to the application's code before or while it is running. By changing an application's code in memory or on the hard drive, protective controls can be bypassed. Through reverse engineering, application functions can be studied and altered. These modifications can, for example, allow the attacker to bypass authentication mechanisms or circumvent licensing restrictions. Also, a device's firmware can be altered to allow an attacker backdoor access to the inner workings of a device. With that kind of access, the attacker can then search for more vulnerabilities within areas of the firmware that are normally not accessible. As an example, back in 2015 the ICS security company, CyberX, used this technique to modify the web server code of a Rockwell Automation Micrologix 1100 PLC's firmware to give them access to the inner workings of the PLC. This access in turn allowed them to discover the FrostyURL vulnerability. Refer to http://glilotcapital.com/uncategorized/cyberx/ for a complete write-up on their work.

Common attacks associated with software tampering vulnerabilities are as follows:

  • Modifying an application's runtime behavior to perform unauthorized actions
  • Exploitation via binary patching, code substitution, or code extension
  • Software license cracking
  • Trojanization of applications

You should always get your software from reputable sources. By downloading pirated software, getting updates from random places or using passed-around installation media, you are opening yourself up to "trojanized" software attacks or tampered-with firmware. Where possible, your automation devices should allow you to run cryptographically signed firmware images. This involves the device having the capabilities to verify the integrity and validity of the firmware before booting it. To protect your software from being tampered with, follow these best practice recommendations:

  • Always run any application as a restricted user in a restricted environment
  • Keep your applications and firmware up-to-date
  • Always download software installers and firmware images from the vendor's website
  • Restrict access to the computer or device running the software or firmware as much as possible by preventing the following:
    • Access to peripheral ports, such as USB and FireWire
    • Access to diagnostic and debugging ports
    • Physical access to the computer or device
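
The integrity check behind downloading images only from the vendor and verifying them before installation, as an added example that is not from the original text: it compares a firmware image against a SHA-256 manifest in `sha256sum` format. The file name, image bytes and manifest are constructed; a matching hash shows integrity only, so the manifest itself is assumed to come from the vendor over a trusted channel or to carry a separately verified signature.

```python
import hashlib
import hmac
import os
import string
import tempfile

def parse_manifest(text):
    """Parse 'hexdigest  filename' lines (sha256sum format) into {name: digest}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum output
        if len(digest) != 64 or not set(digest) <= set(string.hexdigits) or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name] = digest.lower()
    return entries

def sha256_file(path, chunk_size=1 << 16):
    """Hash in chunks so a large firmware image is never fully loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_image(path, manifest):
    """Return 'ok', 'mismatch' or 'unlisted'; anything but 'ok' means do not install."""
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # fail closed: an image the manifest does not name is rejected
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"

def demo():
    """Constructed sample: build an image and manifest, then alter one byte on disk."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "plc_fw_example.bin")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(b"\x7fFW" + bytes(range(256)) * 64)
        manifest = parse_manifest(f"{sha256_file(path)}  plc_fw_example.bin\n")
        before = verify_image(path, manifest)
        with open(path, "r+b") as f:
            f.seek(100)
            f.write(b"\xff")  # stand-in for a modified byte in the image
        after = verify_image(path, manifest)
        unlisted = verify_image(os.path.join(d, "unknown.bin"), manifest)
    return before, after, unlisted

if __name__ == "__main__":
    print(demo())
```
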