Mobile Threat Catalogue

Malicious Hardware or Firmware Inserted During Integration

Contribute

Threat Category: Supply Chain

ID: SPC-17

Threat Description: An adversary with access to critical components as they are being integrated into the acquired system can insert maliciously altered hardware or firmware into the system.1

Threat Origin

Supply Chain Attack Framework and Attack Patterns 1

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures

References

  1. J.F. Miller, “Supply Chain Attack Framework and Attack Patterns”, tech. report, MITRE, Dec. 2013; www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf  2