Mobile Threat Catalogue

Unsecured or Malicious 3rd Party Components

Contribute

Threat Category: Supply Chain

ID: SPC-15

Threat Description: Unsecured, potentially malicious 3rd party components of a technology or code-base can be packaged with a product before shipment to an acquirer.1

Threat Origin

Supply Chain Attack Framework and Attack Patterns 1

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures

References

  1. J.F. Miller, “Supply Chain Attack Framework and Attack Patterns”, tech. report, MITRE, Dec. 2013; www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf  2