Dark Mode
Capec-675 Detail
Retrieve Data from Decommissioned Devices
Standard Supply Chain Software Physical Security Hardware Likelihood: Medium Typical Severity: Medium
Parents: 116
An adversary obtains decommissioned, recycled, or discarded systems and devices that can include an organization’s intellectual property, employee data, and other types of controlled information. Systems and devices that have reached the end of their lifecycles may be subject to recycle or disposal where they can be exposed to adversarial attempts to retrieve information from internal memory chips and storage devices that are part of the system.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-675 | capec | https://capec.mitre.org/data/definitions/675.html | |
| CWE-1266 | cwe | http://cwe.mitre.org/data/definitions/1266.html | |
| T1052 | ATTACK | https://attack.mitre.org/wiki/Technique/T1052 | Exfiltration Over Physical Medium |
| REF-663 | reference_from_CAPEC | https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf | Richard Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine, NIST Special Publication 800-88 Revision 1: Guidelines for Media Sanitization, 2014--12, National Institute of Standards and Technology |
| REF-717 | reference_from_CAPEC | https://www.cisa.gov/uscert/sites/default/files/publications/DisposeDevicesSafely.pdf | Linda Pesante, Christopher King, George Silowash, Disposing of Devices Safely, 2012, CISA United States Computer Emergency Readiness Team (US-CERT) |
Not present
- An adversary needs to have access to electronic data processing equipment being recycled or disposed of (e.g., laptops, servers) at a collection location and the ability to take control of it for the purpose of exploiting its content.
Not present
| High | Medium |
|---|---|
| An adversary may need the ability to mount printed circuit boards and target individual chips for exploitation. | |
| An adversary needs the technical skills required to extract solid state drives, hard disk drives, and other storage media to host on a compatible system or harness to gain access to digital content. |
| Accountability |
|---|
| Bypass Protection Mechanism |
- A company is contracted by an organization to provide data destruction services for solid state and hard disk drives being discarded. Prior to destruction, an adversary within the contracted company copies data from select devices, violating the data confidentiality requirements of the submitting organization.