Mobile Threat Catalogue

Malicious Logic Introduction


Threat Category: Supply Chain


Threat Description: A software or firmware programmer with access to the configuration control system can introduce malicious logic into software or microelectronics during coding and/or logic-bearing component development or update/maintenance.1

Threat Origin

Supply Chain Attack Framework and Attack Patterns 1

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures


Enforce strict access control and auditing for the configuration control system to enable effective auditing of any unauthorized changes to configuration settings.

Use configuration management tools that can validate that current configuration settings meet policy requirements

Test software and microelectronics to verify their functionality conforms to expected behavior and operates within normal tolerances (e.g. timing, temperature, power consumption, EM emissions) both after development and maintenance prior to placing or returning the component to the production environment


  1. J.F. Miller, “Supply Chain Attack Framework and Attack Patterns”, tech. report, MITRE, Dec. 2013;  2