Mobile Threat Catalogue

Malware Embedded in Critical Component


Threat Category: Supply Chain


Threat Description: An adversary with access to hardware procurement, maintenance, or upgrade control can embed malware in a critical component.1

Threat Origin

Supply Chain Attack Framework and Attack Patterns 1

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures


Obtain device measurements for comparison to normal ranges (e.g., temperature, timing, EM radiation, power consumption) to detect anomalous behavior.

Test hardware to verify it functions as expected (e.g. known inputs yield correct outputs) prior to placing or replacing the device into the production environment


  1. J.F. Miller, “Supply Chain Attack Framework and Attack Patterns”, tech. report, MITRE, Dec. 2013;  2