CAPEC-517 - Documentation Alteration to Circumvent Dial-down

An attacker with access to a manufacturer's documentation, which include descriptions of advanced technology and/or specific components' criticality, alters the documents to circumvent dial-down functionality requirements. This alteration would change the interpretation of implementation and manufacturing techniques, allowing for advanced technologies to remain in place even though these technologies might be restricted to certain customers, such as nations on the terrorist watch list, giving the attacker on the receiving end of a shipped product access to an advanced technology that might otherwise be restricted.

Severity

Likelihood

Confidentiality

Integrity

Availability

High level: Ability to read, interpret, and subsequently alter manufacturer's documentation to prevent dial-down capabilities.

High level: Ability to stealthly gain access via remote compromise or physical access to the manufacturer's documentation.

Advanced knowledge of internal software and hardware components within manufacturer's development environment.

Access to the manufacturer's documentation.