CAPEC Details
Name Probe Audio and Video Peripherals
Likelyhood of attack Typical severity
Low High
Summary The adversary exploits the target system's audio and video functionalities through malware or scheduled tasks. The goal is to capture sensitive information about the target for financial, personal, political, or other gains which is accomplished by collecting communication data between two parties via the use of peripheral devices (e.g. microphones and webcams) or applications with audio and video capabilities (e.g. Skype) on a system.
Prerequisites Knowledge of the target device's or application’s vulnerabilities that can be capitalized on with malicious code. The adversary must be able to place the malicious code on the target device.
Solutions Prevent unknown code from executing on a system through the use of an allowlist policy. Patch installed applications as soon as new updates become available.
Related Weaknesses
CWE ID Description
CWE-267 Privilege Defined With Unsafe Actions
Related CAPECS
CAPEC ID Description
CAPEC-545 An adversary who is authorized or has the ability to search known system resources, does so with the intention of gathering useful information. System resources include files, memory, and other aspects of the target system. In this pattern of attack, the adversary does not necessarily know what they are going to find when they start pulling data. This is different than CAPEC-150 where the adversary knows what they are looking for due to the common location.
CAPEC-651 An adversary intercepts a form of communication (e.g. text, audio, video) by way of software (e.g., microphone and audio recording application), hardware (e.g., recording equipment), or physical means (e.g., physical proximity). The goal of eavesdropping is typically to gain unauthorized access to sensitive information about the target for financial, personal, political, or other gains. Eavesdropping is different from a sniffing attack as it does not take place on a network-based communication channel (e.g., IP traffic). Instead, it entails listening in on the raw audio source of a conversation between two or more parties.
Taxonomy: ATTACK
Entry ID Entry Name
1123 Audio Capture
1125 Video Capture