Commit 3219675a authored by Valerie Aurora

Add potential sources of threats and mitigations

parent 6f074f5f
+35 −4
@@ -686,6 +686,14 @@ Problems with protocols working as designed are not in scope.

Problems with the implementation of the protocols by the interface are in scope.

Potential sources:

https://owasp.org/owasp-istg/03_test_cases/physical_interfaces/index.html

https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/IT-Sicherheitskennzeichen/Informationen-Kategorie-Mobile-Endgeraete/Informationen-Kategorie-Mobile-Endgeraete.html

https://portal.etsi.org/webapp/workprogram/Report_WorkItem.asp?WKI_ID=69549

# Annex A (informative): Mapping between the present document and CRA requirements

> Table mapping technical security requirements from Section 5 of the present document to essential cybersecurity requirements in Annex I of the CRA. The purpose of this is to help identify missing technical security requirements.
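Review bot: The three links under "Potential sources:" are bare URLs with no title or note on which in-scope implementation problem each one supports, and the ETSI entry is an opaque work-item query (WKI_ID=69549) that says nothing until it is followed. Suggest giving each entry a short label (document title and the part relevant to the interface) and stating whether these are sources of threats or of requirements. The list also runs straight into the "# Annex A" heading, so a reader may take it as belonging to the annex; a FIXME or sub-heading would make its status clear.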
@@ -757,6 +765,8 @@ Physical interfaces:

> FIXME lookup CVEs - anything from host-generated packets?

Potential sources of threats:

A generic CVE for many NICs that copied data beyond the end of the packet in memory and sent it on the network.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01335.html
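Review bot: The label "Potential sources of threats:" added here differs from the "Potential sources:" label added in the first hunk; use one wording so the lists can be found with a single search. The sentence under it, "A generic CVE for many NICs that copied data beyond the end of the packet in memory and sent it on the network.", never names the CVE, and the "FIXME lookup CVEs" note still sits directly above the new label. Suggest attaching the identifier from the linked advisory to that sentence and narrowing the FIXME to what is still missing.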
@@ -765,17 +775,38 @@ https://www.ibm.com/support/pages/security-bulletin-vulnerability-has-been-disco

https://app.opencve.io/cve/CVE-2016-8106

https://cyber.gouv.fr/sites/default/files/IMG/pdf/csw-trustnetworkcard.pdf

https://nvd.nist.gov/vuln/detail/CVE-2018-6973

https://cert.europa.eu/static/security-advisories/CERT-EU-SA2019-008.pdf

https://www.zerodayinitiative.com/advisories/ZDI-19-988/

https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html

https://github.com/Matheus-Garbelini/sweyntooth_bluetooth_low_energy_attacks

cve-2017-{0561,6957,6975}

search the advisory list at https://xenbits.xen.org/xsa/ for "netback"/"netfront"/"pcnet"

https://arxiv.org/abs/2208.09975

https://www.blackhat.com/docs/us-17/wednesday/us-17-Vanhoeft-WiFuzz-Detecting-And-Exploiting_Logical-Flaws-In-The-Wi-Fi-Cryptographic-Handshake-wp.pdf

automatically connecting to an open network where a closed/encrypted one was remembered

seamlessly switching between AP's without ability to check if it's a different network

## C.3 Assumptions

> List assumptions that are relevant to the risk analysis for these threats. Everything is hackable if you try hard enough. What kinds of threats are in and out of scope? What are you assuming is the sophistication of attack? Relate to use cases.

> FIXME more assumptions, associate with risk factors and security requirements

- Not being attacked by a state actor
- Not using sophisticated or expensive hardware snooping techniques
- No secret hardware backdoors

Assume no physical tampering

For wireless - operating environment of standard applies

## C.4 Risk assessments of threats
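Review bot: The entry "cve-2017-{0561,6957,6975}" uses lowercase and shell brace shorthand, so a search for any of the three identifiers will not find it; write them out as CVE-2017-0561, CVE-2017-6957 and CVE-2017-6975, ideally with links like the other entries. The two closing items ("automatically connecting to an open network ..." and "seamlessly switching between AP's ...") are threat descriptions rather than sources and would read better as a separate bulleted list of threats, with "APs" in place of "AP's". In C.3, "Assume no physical tampering" and "For wireless - operating environment of standard applies" sit outside the bullet list; fold them into it in the same form as the existing items, and say which standard is meant in the wireless one.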